Remote Host     Port Number
92.243.0.110    4949

PASS Virus
NICK VirUs-eduzfbbr
USER VirUs "" "duf" :
8Coded
8VirUs..
JOIN #FEB4# Virus
* The following directories were created:
o c:\NORTON
o c:\NORTON\U-34543ANTI-9998887776-23234532-565
Registry Modifications
* The following Registry Key was created:
o HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{64KLC5K0-4OPM-00WE-AAX8-27EF1D183366}
* The newly created Registry Value is:
o [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{64KLC5K0-4OPM-00WE-AAX8-27EF1D183366}]
+ StubPath = "c:\NORTON\U-34543ANTI-9998887776-23234532-565\nav.exe"
so that nav.exe runs every time Windows starts
File System Modifications
* The following files were created in the system:
1. c:\NORTON\U-34543ANTI-9998887776-23234532-565\DeSkToP.ini
o File Size: 62 bytes
o File Hash: MD5: 0x7457A5DF1FF47C957ACF1FA000D7D9AD; SHA-1: 0x69D2BBA827FD4DE0169419A0FDA280252B348514
o Alias: (not available)
2. c:\NORTON\U-34543ANTI-9998887776-23234532-565\nav.exe [file and pathname of the sample #1]
o File Size: 61 441 bytes
o File Hash: MD5: 0x9688CD132E9348CAA0502AC4345B1DB2; SHA-1: 0xA15FFB6FD3A9C3D1F869F5445B0101DA43CAE3D2
o Alias:
+ W32.Ircbrute [Symantec]
+ Worm.Win32.AutoRun.hci [Kaspersky Lab]
+ W32/Autorun.worm.h [McAfee]
+ Mal/VBInject-D [Sophos]
+ VirTool:Win32/VBInject.gen!DA [Microsoft]
+ Virus.Win32.VBInject [Ikarus]
+ Win-Trojan/Xema.variant [AhnLab]