Profusion de variantes de PROXY EXI, de moda actualmente

Publicado el 2 diciembre 2011 ¬ 11:01 amh.mscComentarios desactivados

Este troyano, que sin tener nada que ver nos llega a veces conjuntamente con muestras de Sirefef, posiblemente por haber sido descargados simultáneamente, lo integran tres ficheros de los cuales uno tiene nombre fijo, el LVVM.EXE, si bien cuelga de una carpeta variable, mientras que los otros dos son de nombre y ubicación variables.

Todas estas variantes están controladas a partir del ELISTARA 24.39 de ayer, las cuales en el preanalisis copn virustotal ofrecen el siguiente informe:

File name: 0BCD7.exe.vir
Submission date: 2011-12-02 07:54:02 (UTC)
Current status: queued queued analysing finished
Result: 15/ 43 (34.9%)
VT Community

malware
Safety score: 0.0%
Compact Print results Antivirus Version Last Update Result
AhnLab-V3 2011.12.01.02 2011.12.01 –
AntiVir 7.11.18.177 2011.12.02 TR/Crypt.EPACK.Gen2
Antiy-AVL 2.0.3.7 2011.12.02 –
Avast 6.0.1289.0 2011.12.01 Win32:Gbot-T [Trj]
AVG 10.0.0.1190 2011.12.01 Win32/Cryptor
BitDefender 7.2 2011.12.02 Gen:Variant.Cycbot.1
ByteHero 1.0.0.1 2011.11.29 –
CAT-QuickHeal 12.00 2011.12.02 Backdoor.Cycbot.B
ClamAV 0.97.3.0 2011.12.02 –
Commtouch 5.3.2.6 2011.12.02 –
Comodo 10806 2011.12.02 –
DrWeb 5.0.2.03300 2011.12.02 BackDoor.Gbot.1591
Emsisoft 5.1.0.11 2011.12.02 –
eSafe 7.0.17.0 2011.12.01 –
eTrust-Vet 37.0.9598 2011.12.01 –
F-Prot 4.6.5.141 2011.11.29 –
F-Secure 9.0.16440.0 2011.12.02 Gen:Variant.Cycbot.1
Fortinet 4.3.388.0 2011.12.02 –
GData 22 2011.12.02 Gen:Variant.Cycbot.1
Ikarus T3.1.1.109.0 2011.12.02 –
Jiangmin 13.0.900 2011.12.02 –
K7AntiVirus 9.119.5570 2011.11.30 Backdoor
Kaspersky 9.0.0.837 2011.12.02 HEUR:Trojan.Win32.Generic
McAfee 5.400.0.1158 2011.12.02 Artemis!E64FD8B9574E
McAfee-GW-Edition 2010.1D 2011.12.01 Artemis!E64FD8B9574E
Microsoft 1.7903 2011.12.02 –
NOD32 6668 2011.12.01 –
Norman 6.07.13 2011.12.01 W32/Cycbot.ER
nProtect 2011-12-02.01 2011.12.02 –
Panda 10.0.3.5 2011.12.01 Trj/Cycbot.gen
PCTools 8.0.0.5 2011.12.02 –
Prevx 3.0 2011.12.02 –
Rising 23.86.04.01 2011.12.02 –
Sophos 4.71.0 2011.12.02 Mal/FakeAV-IS
SUPERAntiSpyware 4.40.0.1006 2011.12.02 –
Symantec 20111.2.0.82 2011.12.02 –
TheHacker 6.7.0.1.352 2011.12.01 –
TrendMicro 9.500.0.1008 2011.12.02 –
TrendMicro-HouseCall 9.500.0.1008 2011.12.02 –
VBA32 3.12.16.4 2011.12.01 –
VIPRE 11190 2011.12.02 –
ViRobot 2011.12.2.4804 2011.12.02 –
VirusBuster 14.1.95.0 2011.12.01 –
Additional informationShow all
MD5 : e64fd8b9574ea5c5334b4c410cbad730
SHA1 : 9c61d5c39d061cbe1b09c318a50c3cce7e718385

File size : 173056 bytes
__________
Y estos, que en cada máquina se instalan con el mismo nombre en función del ordenador, son los que la heuristica del ELISTARA ya pide muestras:
File name: 008(1).exe,vir
Submission date: 2011-12-02 08:09:22 (UTC)
Current status: queued queued analysing finished
Result: 27/ 43 (62.8%)
VT Community

malware
Safety score: 0.0%
Compact Print results Antivirus Version Last Update Result
AhnLab-V3 2011.12.01.02 2011.12.01 Trojan/Win32.Jorik
AntiVir 7.11.18.177 2011.12.02 BDS/Cycbot.AC.1
Antiy-AVL 2.0.3.7 2011.12.02 Trojan/Win32.Lebag.gen
Avast 6.0.1289.0 2011.12.01 Win32:BackDoor-YI [Trj]
AVG 10.0.0.1190 2011.12.01 BackDoor.Generic14.BYQY
BitDefender 7.2 2011.12.02 Backdoor.Cycbot.BJ
ByteHero 1.0.0.1 2011.11.29 Trojan.Win32.Heur.Gen
CAT-QuickHeal 12.00 2011.12.02 Backdoor.Cycbot.B
ClamAV 0.97.3.0 2011.12.02 –
Commtouch 5.3.2.6 2011.12.02 –
Comodo 10810 2011.12.02 Heur.Suspicious
DrWeb 5.0.2.03300 2011.12.02 BackDoor.Gbot.1589
Emsisoft 5.1.0.11 2011.12.02 Backdoor.Win32.Cycbot!IK
eSafe 7.0.17.0 2011.12.01 –
eTrust-Vet 37.0.9598 2011.12.01 –
F-Prot 4.6.5.141 2011.11.29 –
F-Secure 9.0.16440.0 2011.12.02 Backdoor.Cycbot.BJ
Fortinet 4.3.388.0 2011.12.02 W32/FakeAV.IS!tr.bdr
GData 22 2011.12.02 Backdoor.Cycbot.BJ
Ikarus T3.1.1.109.0 2011.12.02 Backdoor.Win32.Cycbot
Jiangmin 13.0.900 2011.12.02 –
K7AntiVirus 9.119.5570 2011.11.30 –
Kaspersky 9.0.0.837 2011.12.02 Trojan.Win32.Lebag.hke
McAfee 5.400.0.1158 2011.12.02 BackDoor-EXI.gen.aa
McAfee-GW-Edition 2010.1D 2011.12.01 BackDoor-EXI.gen.aa
Microsoft 1.7903 2011.12.02 Backdoor:Win32/Cycbot.G
NOD32 6668 2011.12.01 –
Norman 6.07.13 2011.12.01 W32/Cycbot.ER
nProtect 2011-12-02.01 2011.12.02 Backdoor/W32.Cycbot.285184
Panda 10.0.3.5 2011.12.01 Trj/Cycbot.gen
PCTools 8.0.0.5 2011.12.02 –
Prevx 3.0 2011.12.02 –
Rising 23.86.04.01 2011.12.02 –
Sophos 4.71.0 2011.12.02 Mal/FakeAV-IS
SUPERAntiSpyware 4.40.0.1006 2011.12.02 Trojan.Agent/Gen-Cycbot
Symantec 20111.2.0.82 2011.12.02 –
TheHacker 6.7.0.1.352 2011.12.01 –
TrendMicro 9.500.0.1008 2011.12.02 BKDR_CYCBOT.SME3
TrendMicro-HouseCall 9.500.0.1008 2011.12.02 BKDR_CYCBOT.SME3
VBA32 3.12.16.4 2011.12.01 –
VIPRE 11190 2011.12.02 Trojan.Win32.Generic!BT
ViRobot 2011.12.2.4804 2011.12.02 –
VirusBuster 14.1.95.0 2011.12.01 –
Additional informationShow all
MD5 : b89ec8b7c50a503a54ecfd1492676fe4
SHA1 : c4e58e347e8e7847cdf4ee80084f594c25afb45d

File size : 285184 bytes
_______
File name: 008(2).exe.vir
Submission date: 2011-12-02 08:17:42 (UTC)
Current status: queued queued analysing finished
Result: 17/ 43 (39.5%)
VT Community

not reviewed
Safety score: –
Compact Print results Antivirus Version Last Update Result
AhnLab-V3 2011.12.01.02 2011.12.01 –
AntiVir 7.11.18.177 2011.12.02 TR/Crypt.EPACK.Gen2
Antiy-AVL 2.0.3.7 2011.12.02 –
Avast 6.0.1289.0 2011.12.01 Win32:Gbot-T [Trj]
AVG 10.0.0.1190 2011.12.01 Win32/Cryptor
BitDefender 7.2 2011.12.02 Gen:Variant.Kazy.46520
ByteHero 1.0.0.1 2011.11.29 Trojan.Win32.Heur.Gen
CAT-QuickHeal 12.00 2011.12.02 Backdoor.Cycbot.B
ClamAV 0.97.3.0 2011.12.02 –
Commtouch 5.3.2.6 2011.12.02 –
Comodo 10810 2011.12.02 Heur.Suspicious
DrWeb 5.0.2.03300 2011.12.02 BackDoor.Gbot.1851
Emsisoft 5.1.0.11 2011.12.02 –
eSafe 7.0.17.0 2011.12.01 –
eTrust-Vet 37.0.9598 2011.12.01 –
F-Prot 4.6.5.141 2011.11.29 –
F-Secure 9.0.16440.0 2011.12.02 Gen:Variant.Kazy.46520
Fortinet 4.3.388.0 2011.12.02 –
GData 22.293/22.545 2011.12.02 Gen:Variant.Kazy.46520
Ikarus T3.1.1.109.0 2011.12.02 –
Jiangmin 13.0.900 2011.12.02 –
K7AntiVirus 9.119.5570 2011.11.30 –
Kaspersky 9.0.0.837 2011.12.02 Trojan.Win32.Lebag.hkn
McAfee 5.400.0.1158 2011.12.02 Generic.grp!ep
McAfee-GW-Edition 2010.1D 2011.12.01 Artemis!B7882542F47C
Microsoft 1.7903 2011.12.02 –
NOD32 6668 2011.12.01 –
Norman 6.07.13 2011.12.01 W32/Cycbot.ER
nProtect 2011-12-02.01 2011.12.02 –
Panda 10.0.3.5 2011.12.01 Trj/Cycbot.gen
PCTools 8.0.0.5 2011.12.02 –
Prevx 3.0 2011.12.02 –
Rising 23.86.04.01 2011.12.02 –
Sophos 4.71.0 2011.12.02 Mal/FakeAV-IS
SUPERAntiSpyware 4.40.0.1006 2011.12.02 –
Symantec 20111.2.0.82 2011.12.02 –
TheHacker 6.7.0.1.352 2011.12.01 –
TrendMicro 9.500.0.1008 2011.12.02 –
TrendMicro-HouseCall 9.500.0.1008 2011.12.02 –
VBA32 3.12.16.4 2011.12.01 –
VIPRE 11190 2011.12.02 Trojan.Win32.Generic!BT
ViRobot 2011.12.2.4804 2011.12.02 –
VirusBuster 14.1.95.0 2011.12.01 –
Additional informationShow all
MD5 : b7882542f47ca9f400b0abe78a881651
SHA1 : 1d6667a66d9d0cc933af19aed3b9eca4ae66f9b5

File size : 286208 bytes

_______
File name: 008(3).exe.vir
Submission date: 2011-12-02 09:05:20 (UTC)
Current status: queued (#19) queued analysing finished
Result: 18/ 43 (41.9%)
VT Community

malware
Safety score: 0.0%
Compact Print results Antivirus Version Last Update Result
AhnLab-V3 2011.12.01.02 2011.12.01 –
AntiVir 7.11.18.196 2011.12.02 TR/Crypt.EPACK.Gen2
Antiy-AVL 2.0.3.7 2011.12.02 –
Avast 6.0.1289.0 2011.12.02 Win32:Gbot-T [Trj]
AVG 10.0.0.1190 2011.12.01 Win32/Cryptor
BitDefender 7.2 2011.12.02 Gen:Variant.Kazy.46520
ByteHero 1.0.0.1 2011.11.29 –
CAT-QuickHeal 12.00 2011.12.02 Backdoor.Cycbot.B
ClamAV 0.97.3.0 2011.12.02 –
Commtouch 5.3.2.6 2011.12.02 –
Comodo 10810 2011.12.02 –
DrWeb 5.0.2.03300 2011.12.02 BackDoor.Gbot.1851
Emsisoft 5.1.0.11 2011.12.02 Win32.SuspectCrc!IK
eSafe 7.0.17.0 2011.12.01 –
eTrust-Vet 37.0.9598 2011.12.01 –
F-Prot 4.6.5.141 2011.11.29 –
F-Secure 9.0.16440.0 2011.12.02 Gen:Variant.Kazy.46520
Fortinet 4.3.388.0 2011.12.02 –
GData 22 2011.12.02 Gen:Variant.Kazy.46520
Ikarus T3.1.1.109.0 2011.12.02 Win32.SuspectCrc
Jiangmin 13.0.900 2011.12.02 –
K7AntiVirus 9.119.5570 2011.11.30 –
Kaspersky 9.0.0.837 2011.12.02 HEUR:Trojan.Win32.Generic
McAfee 5.400.0.1158 2011.12.02 Artemis!544B8707F747
McAfee-GW-Edition 2010.1D 2011.12.01 Artemis!544B8707F747
Microsoft 1.7903 2011.12.02 PWS:Win32/Fareit.C
NOD32 6668 2011.12.01 –
Norman 6.07.13 2011.12.01 W32/Cycbot.ER
nProtect 2011-12-02.01 2011.12.02 –
Panda 10.0.3.5 2011.12.01 Trj/Cycbot.gen
PCTools 8.0.0.5 2011.12.02 –
Prevx 3.0 2011.12.02 –
Rising 23.86.04.02 2011.12.02 –
Sophos 4.71.0 2011.12.02 Mal/FakeAV-IS
SUPERAntiSpyware 4.40.0.1006 2011.12.02 –
Symantec 20111.2.0.82 2011.12.02 –
TheHacker 6.7.0.1.352 2011.12.01 –
TrendMicro 9.500.0.1008 2011.12.02 –
TrendMicro-HouseCall 9.500.0.1008 2011.12.02 –
VBA32 3.12.16.4 2011.12.01 –
VIPRE 11190 2011.12.02 –
ViRobot 2011.12.2.4804 2011.12.02 Trojan.Win32.Generic.286208
VirusBuster 14.1.95.0 2011.12.01 –
/Additional informationShow all
MD5 : 544b8707f74762c11a5f67af5b78e0bd
SHA1 : 87978cedf7f4c72f1b6c2255c29633a2d34da518

File size : 286208 bytes
_______
Y LOS OTROs FICHEROs QUE COMPLETAN EL KIT:

File name: 15.tmp
Submission date: 2011-12-02 09:07:11 (UTC)
Current status: queued queued analysing finished
Result: 20/ 43 (46.5%)
VT Community

malware
Safety score: 0.0%
Compact Print results Antivirus Version Last Update Result
AhnLab-V3 2011.12.01.02 2011.12.01 –
AntiVir 7.11.18.196 2011.12.02 TR/Crypt.EPACK.Gen2
Antiy-AVL 2.0.3.7 2011.12.02 –
Avast 6.0.1289.0 2011.12.02 Win32:Gbot-T [Trj]
AVG 10.0.0.1190 2011.12.01 Generic26.KKX
BitDefender 7.2 2011.12.02 Trojan.Generic.6997317
ByteHero 1.0.0.1 2011.11.29 Trojan.Win32.Heur.Gen
CAT-QuickHeal 12.00 2011.12.02 Backdoor.Cycbot.B
ClamAV 0.97.3.0 2011.12.02 –
Commtouch 5.3.2.6 2011.12.02 –
Comodo 10810 2011.12.02 –
DrWeb 5.0.2.03300 2011.12.02 Trojan.PWS.Multi.363
Emsisoft 5.1.0.11 2011.12.02 Trojan.Win32.Agent.AMN!A2
eSafe 7.0.17.0 2011.12.01 –
eTrust-Vet 37.0.9598 2011.12.01 –
F-Prot 4.6.5.141 2011.11.29 –
F-Secure 9.0.16440.0 2011.12.02 Trojan.Generic.6997317
Fortinet 4.3.388.0 2011.12.02 –
GData 22 2011.12.02 Trojan.Generic.6997317
Ikarus T3.1.1.109.0 2011.12.02 –
Jiangmin 13.0.900 2011.12.02 –
K7AntiVirus 9.119.5570 2011.11.30 Backdoor
Kaspersky 9.0.0.837 2011.12.02 HEUR:Trojan.Win32.Generic
McAfee 5.400.0.1158 2011.12.02 Artemis!4C04EC47C44B
McAfee-GW-Edition 2010.1D 2011.12.01 Artemis!4C04EC47C44B
Microsoft 1.7903 2011.12.02 –
NOD32 6668 2011.12.01 a variant of Win32/Kryptik.CY
Norman 6.07.13 2011.12.01 W32/Cycbot.ER
nProtect 2011-12-02.01 2011.12.02 –
Panda 10.0.3.5 2011.12.01 Trj/Cycbot.gen
PCTools 8.0.0.5 2011.12.02 –
Prevx 3.0 2011.12.02 –
Rising 23.86.04.02 2011.12.02 –
Sophos 4.71.0 2011.12.02 Mal/FakeAV-IS
SUPERAntiSpyware 4.40.0.1006 2011.12.02 Trojan.Agent/Gen-NumTemp
Symantec 20111.2.0.82 2011.12.02 –
TheHacker 6.7.0.1.352 2011.12.01 –
TrendMicro 9.500.0.1008 2011.12.02 –
TrendMicro-HouseCall 9.500.0.1008 2011.12.02 –
VBA32 3.12.16.4 2011.12.01 –
VIPRE 11190 2011.12.02 –
ViRobot 2011.12.2.4804 2011.12.02 Trojan.Win32.Generic.102400.Q
VirusBuster 14.1.95.0 2011.12.01 –
Additional informationShow all
MD5 : 4c04ec47c44bc997519e18ce5f20e9d6
SHA1 : 680968fe85eaa19ac68b8dabf3371dd81684ed83

File size : 102400 bytes
________
File name: lvvm(1).exe.vir
Submission date: 2011-12-02 09:11:50 (UTC)
Current status: queued queued analysing finished
Result: 16/ 43 (37.2%)
VT Community

not reviewed
Safety score: –
Compact Print results Antivirus Version Last Update Result
AhnLab-V3 2011.12.01.02 2011.12.01 –
AntiVir 7.11.18.196 2011.12.02 TR/Crypt.EPACK.Gen2
Antiy-AVL 2.0.3.7 2011.12.02 –
Avast 6.0.1289.0 2011.12.02 Win32:Gbot-T [Trj]
AVG 10.0.0.1190 2011.12.01 Win32/Cryptor
BitDefender 7.2 2011.12.02 Trojan.Generic.6996909
ByteHero 1.0.0.1 2011.11.29 –
CAT-QuickHeal 12.00 2011.12.02 Backdoor.Cycbot.B
ClamAV 0.97.3.0 2011.12.02 –
Commtouch 5.3.2.6 2011.12.02 –
Comodo 10810 2011.12.02 UnclassifiedMalware
DrWeb 5.0.2.03300 2011.12.02 Trojan.DownLoader5.21626
Emsisoft 5.1.0.11 2011.12.02 –
eSafe 7.0.17.0 2011.12.01 –
eTrust-Vet 37.0.9598 2011.12.01 –
F-Prot 4.6.5.141 2011.11.29 –
F-Secure 9.0.16440.0 2011.12.02 Trojan.Generic.6996909
Fortinet 4.3.388.0 2011.12.02 –
GData 22 2011.12.02 Trojan.Generic.6996909
Ikarus T3.1.1.109.0 2011.12.02 –
Jiangmin 13.0.900 2011.12.02 –
K7AntiVirus 9.119.5570 2011.11.30 Backdoor
Kaspersky 9.0.0.837 2011.12.02 HEUR:Trojan.Win32.Generic
McAfee 5.400.0.1158 2011.12.02 Artemis!06BF1B1FB539
McAfee-GW-Edition 2010.1D 2011.12.01 Artemis!06BF1B1FB539
Microsoft 1.7903 2011.12.02 –
NOD32 6668 2011.12.01 –
Norman 6.07.13 2011.12.01 W32/Cycbot.ER
nProtect 2011-12-02.01 2011.12.02 –
Panda 10.0.3.5 2011.12.01 Trj/Cycbot.gen
PCTools 8.0.0.5 2011.12.02 –
Prevx 3.0 2011.12.02 –
Rising 23.86.04.02 2011.12.02 –
Sophos 4.71.0 2011.12.02 Mal/FakeAV-IS
SUPERAntiSpyware 4.40.0.1006 2011.12.02 –
Symantec 20111.2.0.82 2011.12.02 –
TheHacker 6.7.0.1.352 2011.12.01 –
TrendMicro 9.500.0.1008 2011.12.02 –
TrendMicro-HouseCall 9.500.0.1008 2011.12.02 –
VBA32 3.12.16.4 2011.12.01 –
VIPRE 11190 2011.12.02 –
ViRobot 2011.12.2.4804 2011.12.02 –
VirusBuster 14.1.95.0 2011.12.01 –
Additional informationShow all
MD5 : 06bf1b1fb5394e3b685c14fec707a557
SHA1 : db917f59d7ad9040af1c1f2e6189079ad4108b48

File size : 189440 bytes

________
File name: lvvm(2).exe.vir
Submission date: 2011-12-02 09:20:42 (UTC)
Current status: queued (#3) queued (#4) analysing finished
Result: 17/ 43 (39.5%)
VT Community

malware
Safety score: 0.0%
Compact Print results Antivirus Version Last Update Result
AhnLab-V3 2011.12.01.02 2011.12.01 –
AntiVir 7.11.18.196 2011.12.02 TR/Crypt.EPACK.Gen2
Antiy-AVL 2.0.3.7 2011.12.02 –
Avast 6.0.1289.0 2011.12.02 Win32:Gbot-T [Trj]
AVG 10.0.0.1190 2011.12.01 Win32/Cryptor
BitDefender 7.2 2011.12.02 Gen:Variant.Cycbot.1
ByteHero 1.0.0.1 2011.11.29 Trojan.Win32.Heur.Gen
CAT-QuickHeal 12.00 2011.12.02 Backdoor.Cycbot.B
ClamAV 0.97.3.0 2011.12.02 –
Commtouch 5.3.2.6 2011.12.02 –
Comodo 10810 2011.12.02 –
DrWeb 5.0.2.03300 2011.12.02 Trojan.DownLoader5.21690
Emsisoft 5.1.0.11 2011.12.02 –
eSafe 7.0.17.0 2011.12.01 –
eTrust-Vet 37.0.9598 2011.12.01 –
F-Prot 4.6.5.141 2011.11.29 –
F-Secure 9.0.16440.0 2011.12.02 Gen:Variant.Cycbot.1
Fortinet 4.3.388.0 2011.12.02 W32/Kryptik!tr
GData 22 2011.12.02 Gen:Variant.Cycbot.1
Ikarus T3.1.1.109.0 2011.12.02 –
Jiangmin 13.0.900 2011.12.02 –
K7AntiVirus 9.119.5570 2011.11.30 Backdoor
Kaspersky 9.0.0.837 2011.12.02 HEUR:Trojan.Win32.Generic
McAfee 5.400.0.1158 2011.12.02 Artemis!9324ED0BBDDC
McAfee-GW-Edition 2010.1D 2011.12.01 Artemis!9324ED0BBDDC
Microsoft 1.7903 2011.12.02 –
NOD32 6668 2011.12.01 –
Norman 6.07.13 2011.12.01 W32/Cycbot.ER
nProtect 2011-12-02.01 2011.12.02 –
Panda 10.0.3.5 2011.12.01 Trj/Cycbot.gen
PCTools 8.0.0.5 2011.12.02 –
Prevx 3.0 2011.12.02 –
Rising 23.86.04.02 2011.12.02 –
Sophos 4.71.0 2011.12.02 Mal/FakeAV-IS
SUPERAntiSpyware 4.40.0.1006 2011.12.02 –
Symantec 20111.2.0.82 2011.12.02 –
TheHacker 6.7.0.1.352 2011.12.01 –
TrendMicro 9.500.0.1008 2011.12.02 –
TrendMicro-HouseCall 9.500.0.1008 2011.12.02 –
VBA32 3.12.16.4 2011.12.01 –
VIPRE 11190 2011.12.02 –
ViRobot 2011.12.2.4804 2011.12.02 –
VirusBuster 14.1.95.0 2011.12.01 –
Additional informationShow all
MD5 : 9324ed0bbddcfbe0f7a4da66a5ff22c5
SHA1 : 679a7db4b159bf356fef51ebbceb99c90625ef55

File size : 189440 bytes
_________
Cabe indicar que a base de instalar el que detectamos heuristicamente, generamos los otros dos, y que es preciso eliminar los tres para que no siga regenerandose, por lo cual vamos implementando en el ELISTSRA no solo el control de la muestra que nos llega del mismo, sino de los que crean estas al monitorizarlas, y asi poder eliminar totalmente este troyano.

Solo queda luego restablecer el proxy deseado, eliminando el que instala el malware, o bien eliminar con el SPROCES la clave que aparece con el PROXY activo dirigido a un port del LOCAL HOST, 127.0.0.1, pues sino no se podría navegar

El síntoma clásico que presentan los ordenadores afectado por estos malwares es que pulsando en los enlaces de las búsquedas de Google, no se va a parar a la web deseada, sino a la que redirige dicho proxy.

Estos y las anteriores variantes del PROXY-EXI ya son controladas desde el ELISTARA 24.39 de ayer, ya disponible en nuestra web.

saludos

ms, 2-12-2011

__________

NOTA: Los interesados en información sobre contrato de soporte Asistencia Tecnica de SATINFO y/o licencia de uso/actualizaciones de sus utilidades, contacten con info@satinfo.es
__________

Este blog no se hace responsable de las opiniones y comentarios de los textos en los que se cita la Fuente, ofreciendo su contenido solo para facilitar el acceso a la información del mismo.

Virus06bf1b1fb5394e3b685c14fec707a557, 1d6667a66d9d0cc933af19aed3b9eca4ae66f9b5, 4c04ec47c44bc997519e18ce5f20e9d6, 544b8707f74762c11a5f67af5b78e0bd, 679a7db4b159bf356fef51ebbceb99c90625ef55, 680968fe85eaa19ac68b8dabf3371dd81684ed83, 87978cedf7f4c72f1b6c2255c29633a2d34da518, 9324ed0bbddcfbe0f7a4da66a5ff22c5, 9c61d5c39d061cbe1b09c318a50c3cce7e718385, Artemis!06BF1B1FB539, Artemis!4C04EC47C44B, Artemis!544B8707F747, Artemis!9324ED0BBDDC, Artemis!B7882542F47C, Artemis!E64FD8B9574E, b7882542f47ca9f400b0abe78a881651, b89ec8b7c50a503a54ecfd1492676fe4, BackDoor-EXI.gen.aa, c4e58e347e8e7847cdf4ee80084f594c25afb45d, db917f59d7ad9040af1c1f2e6189079ad4108b48, e64fd8b9574ea5c5334b4c410cbad730, elistara, Generic.grp!ep, Trojan.Win32.Generic, Trojan.Win32.Lebag.hke, Trojan.Win32.Lebag.hkn, Win32/Cycbot.G, Win32/Fareit.C, Win32/Kryptik.CY

Puedes seguir cualquier respuesta a esta entrada mediante el canal RSS 2.0. Los comentarios y los pings están cerrados.

Los comentarios están cerrados.

Profusion de variantes de PROXY EXI, de moda actualmente

Redes Sociales

Sesión y RSS

Enlaces

Categorías

Los 10 mas vistos

Uso de cookies

Profusion de variantes de PROXY EXI, de moda actualmente

Redes Sociales

Sesión y RSS

Enlaces

Categorías

Los 10 mas vistos

Etiquetas

Uso de cookies