Sus/GUnkPack-A

    Kategorie: Verdächtiges Verhalten und verdächtige DateienSchutz verfügbar seit:15 Sep 2010 08:48:34 (GMT)
    Typ: Suspicious fileZuletzt aktualisiert:30 Sep 2010 13:25:40 (GMT)

    Download Kostenloses Virus Removal Tool downloaden – Finden Sie Bedrohungen, die Ihre Virenschutzsoftware übersehen hat

    Summary

    Files detected as Sus/GUnkPack-A exhibit suspicious behavior.

    Detailed analysis

    Example behaviors of Sus/GUnkPack-A follow:

    Example 1

    Other vendor detection

    Avira
    TR/Dropper.Gen
    Kaspersky
    Packed.Win32.Tdss.f
    Trend
    TROJ_FAKEAV.XB

    Example 2

    Other vendor detection

    Avira
    TR/Autorun.409637
    Kaspersky
    Worm.Win32.AutoRun.fvc
    Trend
    TROJ_VB.HZZ

    Runtime Analysis

    Copies Itself To
    • C:\WINDOWS\system32\explorer.exe
    • F:/RECYCLER/S-1-6-21-2434476521-1645641927-702000330-1542/redmond.exe
    Dropped Files
    • C:\WINDOWS\system32\schost.exe
    • F:/RECYCLER/S-1-6-21-2434476521-1645641927-702000330-1542/Desktop.ini
    • F:/autorun.inf
    Registry Keys Created
    • HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List
      C:\WINDOWS\system32\explorer.exe
      C:\WINDOWS\system32\explorer.exe:*:Enabled:Explorer
    • HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
      QnX
      C:\WINDOWS\system32\schost.exe
    • HKLM\SYSTEM\CurrentControlSet\Services\Sophos AutoUpdate Service
      FailureActions
      0a 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 b8 0b 00 00
    • HKCU\Software\Microsoft\Windows NT\CurrentVersion
      (Default)
      H1UYEEMA[QRspr{gm8;Rhaa}%ktn
    • HKLM\SYSTEM\CurrentControlSet\Services\wscsvc
      FailureActions
      0a 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 b8 0b 00 00
    • HKLM\SYSTEM\CurrentControlSet\Services\ERSvc
      FailureActions
      0a 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 b8 0b 00 00
    • HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{77520Q86-864L-N81R-0R2W-7U2G0P22436U}
      StubPath
      "C:\WINDOWS\system32\schost.exe"
    • HKCU\Software\Microsoft\Windows\CurrentVersion\Run
      Internet Explorer Updater
      C:\WINDOWS\system32\explorer.exe
    • HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer
      internet
      09
    Registry Keys Modified
    • HKLM\SYSTEM\CurrentControlSet\Services\ERSvc
      Start
      0x00000004
    • HKLM\SYSTEM\CurrentControlSet\Services\wscsvc
      Start
      0x00000004
    HTTP Requests
    • http://whatismyip.com/automation/n09230945.asp
    DNS Requests
    • bogus.com
    • test.com
    • wibble.com
    • www.whatismyip.com

    Download Sophos HomeDownload
    Sophos Home

    Free business-grade security for the home.

    Download Sophos Produkte kostenlos testen
    Jetzt downloaden