Worm.Win32.NITOL.JKA
Trojan.Win32.MicroFake.ba(KASPERSKY), DDoS:Win32/Nitol(MICROSOFT), Win32/Agent.RNS trojan(NOD32)
Windows
![](/vinfo/imgFiles/legend.jpg)
Threat Type: Worm
Destructiveness: No
Encrypted:
In the wild: Yes
OVERVIEW
This Worm arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.
TECHNICAL DETAILS
Arrival Details
This Worm arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.
Installation
This Worm drops the following files:
- %System%\{random}.exe
(Note: %System% is the Windows system folder, where it usually is C:\Windows\System32 on all Windows operating system versions.)
It drops the following copies of itself into the affected system:
- %System%\hr{random}.dll
(Note: %System% is the Windows system folder, where it usually is C:\Windows\System32 on all Windows operating system versions.)
Autostart Technique
This Worm starts the following services:
- Service Name: Distribu{random}
Display Name: Distribulsm Transaction Coordinator Service
Start Type: SERVICE_AUTO_START
Binary Pathname: %System%\{random}.exe
(Note: %System% is the Windows system folder, where it usually is C:\Windows\System32 on all Windows operating system versions.)
Other Details
This Worm does the following:
- This worm drops the following copy of itself in all folders in all physical and removable drives containing an EXE file:
- lpk.dll