Detection of Zimuse by VirusScan with the current DAT 5873
msc hotline sat
Wednesday, January 27, 2010

Yesterday we broke the news of the new and dangerous ZIMUSE, with a destructive payload, as we reported at http://www.zonavirus.com/noticias/2010/nuevo-virus-de-mbr-win32zimuse-con-payload-destructivo-que-sobreescribe-el-mbr-y-se-propaga-por-pendrive.asp

Today McAfee informs us that it is already covered by the current VirusScan DAT:

W32/Zimuse
Type: Virus
SubType: Worm
Discovery Date: 01/25/2010
Length: (not specified)
Minimum DAT: N/A (01/26/2010)
Updated DAT: 5873 (01/26/2010)
Minimum Engine: 5.3.00
Description Added: 01/25/2010
Description Modified: 01/27/2010 2:55 AM (PT)

Overview
This is a virus detection. Viruses are programs that self-replicate recursively, meaning that infected systems spread the virus to other systems, which then propagate the virus further. While many viruses contain a destructive payload, it's quite common for viruses to do nothing more than spread from one system to another.

Characteristics
-- Update January 26, 2010 --
The risk assessment of this threat has been updated to Low-Profiled due to media attention at: http://www.theregister.co.uk/2010/01/25/slovak_biker_destructive_worm/

Upon execution, the malware drops the following files:
 * %windir%\system32\drivers\Mstart.sys
 * %ProgramFiles%\Dump\Dump.exe
 * %windir%\system32\drivers\Mseu.sys
 * %windir%\system32\tokset.dll
 * %windir%\system32\ainf.inf
 * %SystemDrive%\IQTEST\Iqtest.exe
 * %windir%\system32\Mseus.exe

It creates the following registry entries:
 * HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MSTART
   o "Type" = "0x1"
   o "Start" = "0x3"
   o "ImagePath" = "%windir%\system32\drivers\Mstart.sys"
   o "ErrorControl" = "0x1"
   o "DisplayName" = "MSTART"
 * HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\UnzipService
   o "Type" = "0x110"
   o "Start" = "0x2"
   o "ImagePath" = "System32\Mseus.exe"
   o "ErrorControl" = "0x0"
   o "DisplayName" = "Self extract service"
   o "ObjectName" = "LocalSystem"
   o "Description" = "Self extract archive decrypt"
 * HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
   o "Dump" = "%ProgramFiles%\Dump\Dump.exe"

Source: http://vil.nai.com/vil/content/v_254683.htm
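The file and registry artifacts above are usable as indicators on their own, independently of the DAT update. The following PowerShell sweep is an added example written for this page, not code from McAfee or zonavirus.com: it checks a host for every dropped file, the two services (MSTART as a kernel driver with Start=0x3, demand start; UnzipService as a Win32 service with Start=0x2, auto start, running as LocalSystem) and the Run key value. The description names ControlSet001; because CurrentControlSet is the link to whichever control set is active, the script checks both (that the active set may be a different ControlSetNNN is an assumption made here). Variable and message names are the example's own.

```powershell
# Added example (not from the McAfee description or zonavirus.com): read-only
# sweep for the W32/Zimuse artifacts listed in the description. Run from an
# elevated PowerShell prompt; it reports, it does not clean.

$findings = @()

# Dropped files, using the same environment variables the description uses.
$droppedFiles = @(
    "$env:windir\system32\drivers\Mstart.sys",
    "$env:ProgramFiles\Dump\Dump.exe",
    "$env:windir\system32\drivers\Mseu.sys",
    "$env:windir\system32\tokset.dll",
    "$env:windir\system32\ainf.inf",
    "$env:SystemDrive\IQTEST\Iqtest.exe",
    "$env:windir\system32\Mseus.exe"
)
foreach ($path in $droppedFiles) {
    if (Test-Path -LiteralPath $path) {
        $findings += "file present: $path"
    }
}

# Service names from the description, with the binary each ImagePath should name.
# ControlSet001 is what the description lists; CurrentControlSet is the active set
# (assumption: on a given host the active set might not be ControlSet001).
$services = @{
    'MSTART'       = 'Mstart.sys'
    'UnzipService' = 'Mseus.exe'
}
foreach ($set in 'CurrentControlSet', 'ControlSet001') {
    foreach ($name in $services.Keys) {
        $key = "HKLM:\SYSTEM\$set\Services\$name"
        if (Test-Path -LiteralPath $key) {
            $props = Get-ItemProperty -LiteralPath $key -ErrorAction SilentlyContinue
            $image = [string]$props.ImagePath
            $findings += "service '$name' in $set, ImagePath='$image', Start=$($props.Start), Type=$($props.Type)"
            if ($image -notmatch [regex]::Escape($services[$name])) {
                # Same service name but a different binary: flag it rather than assume.
                $findings += "  note: ImagePath does not name $($services[$name]); verify before treating as Zimuse"
            }
        }
    }
}

# Persistence: the "Dump" value under the machine-wide Run key.
$runKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
$run = Get-ItemProperty -LiteralPath $runKey -ErrorAction SilentlyContinue
if ($run -and $run.PSObject.Properties['Dump']) {
    $findings += "Run value 'Dump' = '$($run.Dump)'"
}

if ($findings.Count -eq 0) {
    Write-Output 'No W32/Zimuse artifacts found.'
} else {
    Write-Output 'Possible W32/Zimuse artifacts:'
    $findings | ForEach-Object { Write-Output "  $_" }
}
```

A hit on Mstart.sys or Mseu.sys under drivers means a kernel driver may already be loaded, so collect the files and the MBR (the earlier post reported an MBR-overwriting payload) before rebooting or cleaning; a hit on only the Run value or only the Dump.exe file is worth checking against the service entries before concluding anything.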