Keyword: irc generic
Update Backdoor Routine This backdoor connects to any of the following Internet Relay Chat (IRC) servers: fo3.net It joins any of the following IRC channel(s): #Huxor# #huxor.scan# #Huxor.scan# #log# It
This malware is a generic Android device root tool. Rooting gives users the ability to change system settings, run apps, and perform other privileged actions that are often inaccessible to normal users.
VirTool:Win32/DelfInject.gen!X (Microsoft); PWS-LDPinch.a!hv (McAfee); IRC Trojan (Symantec); PAK:UPX, Packed.Win32.CPEX-based.eq (Kaspersky); Packed.Win32.ExeFlasher (v) (Sunbelt); Application.Generic.176086 (FSecure)
URL: {BLOCKED}.165.90 This report is generated via an automated analysis system. Worm:Win32/Hamweq.A (Microsoft); IRC Trojan (Symantec); Packed.Win32.Klone.bb (Kaspersky); Mal/Krap-K (Sophos);
This is the Trend Micro generic detection for files that target a Microsoft Excel vulnerability. This vulnerability allows execution of arbitrary code with currently logged-on user privileges via a
execution at every system startup: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Generic Host Process = "%System%\scvhost.exe" HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion
This is the Trend Micro Generic DCT detection name used for cleanup of certain malware. Once any of the detections is flagged, this cleanup is automatically called to perform certain actions on the
VirTool:Win32/DelfInject.gen!X (Microsoft); BackDoor-DOQ.gen.w (McAfee); IRC Trojan (Symantec); Packed.Win32.CPEX-based.d (Kaspersky); Trojan.Win32.Generic!BT (Sunbelt); Trojan.IRC (FSecure)
%\generic\em %System Root%\Users %User Temp%\generic %User Temp%\shipped %User Temp%\_images %User Profile%\AppData (Note: %User Temp% is the current user's Temp folder, which is usually C:\Documents
to any of the following IRC server(s): av.{BLOCKED}en.cc av.{BLOCKED}nc.cz up.{BLOCKED}vidic.net up.{BLOCKED}eek.net up.{BLOCKED}cat.org up.{BLOCKED}ys.in up.{BLOCKED}awy.in Other Details This worm
download and execute arbitrary files, and update itself. Variants may also check for AV-related files in the infected computer. Some ZAPCHAST variants use an IRC client to perform backdoor routines. This
/tmp/ktx* /tmp/cpuminer-multi /var/tmp/kaiten Backdoor Routine This Backdoor connects to any of the following IRC server(s): ix1.{BLOCKED}et.org ix2.{BLOCKED}et.org Ashburn.Va.Us.{BLOCKED}et.org
Installation This worm drops the following component file(s): %Program Files%\Microsoft Office\OFFICE11\control.ini - IRC configuration file %Program Files%\Microsoft Office\OFFICE11\Drvics32.dll - network
\Windows\CurrentVersion\Run Generic Host Process for Win32 Services = "ghsvc.exe" HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices Generic Host Process for Win32 Services =
%User Temp%\generic\em %System Root%\Users %User Temp%\generic %User Temp%\shipped %User Temp%\_images %AppDataLocal%\{username} %User Profile%\AppData (Note: %User Temp% is the current user's Temp
FAKEAV. SDBOT's backdoor capabilities allow other commands and functions to be performed on the infected computer. These commands may include: Check malware's status Disconnect the bot from IRC Generate a
. It infects certain file types. It avoids infecting files that contain certain strings in their names. It adds certain strings to the Windows HOSTS file. It connects to certain IRC servers using UDP
webroot. wilderssecurity windowsupdate NOTES: This worm's configuration file contains the following information: FTP hosts (upload sites) Infection log IRC data Reference to the components and their
successful connection is made, it will join a certain channel to send and receive information from/to its IRC C&C server. However, the said sites are currently inaccessible. This worm may be downloaded by other