W32/Scar-AR

Category: Viruses and Spyware
Protection available since: 30 May 2011 15:01:05 (GMT)
Type: Win32 worm
Last Updated: 30 May 2011 15:01:05 (GMT)
Prevalence: Small Number of Reports

W32/Scar-AR exhibits the following characteristics:

File Information

Size: 28K
SHA-1: 6c60d2e299b9b2d9b6c1fc3c4827c6d9f60cc260
MD5: c77e1bf05d12938ba624c5810a3068fe
CRC-32: cf725702
File type: application/x-ms-dos-executable
First seen: 2011-05-28

Runtime Analysis

Copies Itself To
  • C:\WINDOWS\system\csrcs.exe
Dropped Files
  • c:\Documents and Settings\test user\Local Settings\Temp\~DF7572.tmp
    Size: 16K
    SHA-1: 310dc3ec9f6b5a14b53baacb68515945c4099cfd
    MD5: 41e0d1a141869c612418e9dfbf9ad0d0
    CRC-32: 7bf645b8
    File type: application/octet-stream
    First seen: 2010-09-07
  • C:\WINDOWS\system32\drivers\etc\hosts
Modified Files
  • %SYSTEM%\drivers\etc\hosts
    • Changed the file contents
Registry Keys Created
  • HKCU\AppEvents\Schemes\Apps\MSMSGS\MSMSGS_NewMail\.Default
    (Default)
  • HKCU\AppEvents\Schemes\Apps\MSMSGS\MSMSGS_NewMessage\.Default
    (Default)
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    Windows Player
    C:\Windows\System\csrcs.exe
Processes Created
  • c:\program files\messenger\msmsgs.exe
HTTP Requests
  • http://mmnnaavenezuela2.co.cc/priv8/bots.php
DNS Requests
  • mmnnaavenezuela2.co.cc