Trojan.Generic|Trojan-Downloader.Win32.Zlob.bftb|Trojan Horse
Newest Sample Submit: 2010-2-13 9:59:21
Detected Or Reported Times:
Infected OS Platform: Windows Server 2003, Windows XP Professional, Windows 98

Trojan.Generic|Trojan-Downloader.Win32.Zlob.bftb|Trojan Horse also detected related threats as follows:
  a3Ghv2M5LF.exe
  dBD6350Xyg.sys
  e2dVduST3C2R.sys
  58PuWtN7.exe
  jlAS.exe
  Ig05G1O1e47a.exe
  QKPa.exe
  62x7F7v046tI.ocx
  Hq5.exe
  Wo4w42.dll
  101yrxb8AN.dll
  EnD8KU67q1p6.dll

Detected Time: 12 February 2010, 14:06:33
Engine Scanned: 9 min 2 sec

Sample Description:
  MD5: 0x4910935754D82A2A00AB775691377EE4
  SHA-1: 0x6EF28C89309553FDA2A2031428FE4CFB807A9D2B
  Filesize: 29,184 bytes

Alias:
  Trojan.Generic - by PCTools
  Trojan Horse - by Symantec
  Trojan-Downloader.Win32.Zlob.bftb - by Kaspersky Lab
  Generic Dropper!y - by McAfee
  Mal/Jevafus-A - by Sophos
  Win-Trojan/Zlob.29184.ID - by AhnLab

Harmful Behavior Summary:
  Downloads/requests other files from the Internet.
  Contains characteristics of an identified security risk.

Trojan.Generic, Trojan-Downloader.Win32.Zlob.bftb, Trojan Horse Action:

The following threat categories were identified:
  Threat Category Description:
  - A program that downloads files to the local computer that may represent a security risk
  - A malicious trojan horse or bot that may represent a security risk for the compromised system and/or its network environment

The following file was created in the system:
  1. Sample Name #1, 29,184 bytes
     MD5: 0x4910935754D82A2A00AB775691377EE4
     SHA-1: 0x6EF28C89309553FDA2A2031428FE4CFB807A9D2B
     (detection names as listed under Alias above)

The following Registry Keys were created:
  HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\New Windows\Allow
  HKEY_CURRENT_USER\Software\Microsoft\Windows Script Host
  HKEY_CURRENT_USER\Software\Microsoft\Windows Script Host\Settings

There were registered attempts to establish connection with the remote hosts. The connection details are:

  Remote Host        Port Number
  204.0.5.9          80
  204.13.160.17      80
  204.13.161.51      80
  208.73.210.125     80
  66.114.51.74       80
  69.65.19.125       80
  74.125.65.155      80
  74.125.65.166      80
  76.13.210.50       80
  76.13.210.53       80

The data identified by the following URLs was then requested from the remote web server:
  http://content.yieldmanager.com/ak/q.gif
  http://ads1.revenue.net/j?site_id=12169pplacement_id=1r_num=19939556
  http://ads1.revenue.net/load/227245/index.html?O_R_NUM=19939556O_RANK=1O_CREATIVE_ID=227245O_PPLACEMENT_ID=1O_SITE_ID=12169
  http://spi.domainsponsor.com/css/724/landing/en.css
  http://spi.domainsponsor.com/images/724/body_bg.jpg
  http://spi.domainsponsor.com/images/724/container_bg.jpg
  http://spi.domainsponsor.com/images/724/td_bg.jpg
  http://spi.domainsponsor.com/images/724/keywords_bg.jpg
  http://spi.domainsponsor.com/images/724/bullet.jpg
  http://spi.domainsponsor.com/images/724/pop_cat_top.jpg
  http://spi.domainsponsor.com/images/724/searchtext_bg.jpg
  http://spi.domainsponsor.com/images/724/search.jpg
  http://spi.domainsponsor.com/images/724/footer_bg.jpg
  http://searchportal.information.com/?o_id=94081domainname=search.hopto.org
  http://panther1.cpxinteractive.com/mz/ds.js
  http://panther1.cpxinteractive.com/pixel.gif
  http://search.hopto.org/ldr/j3_2.php?s=
  http://googleads.g.doubleclick.net/pagead/test_domain.js
  http://pagead2.googlesyndication.com/pagead/show_ads.js
  http://pagead2.googlesyndication.com/pagead/expansion_embed.js
  http://pagead2.googlesyndication.com/pagead/render_ads.js
  http://pagead2.googlesyndication.com/pagead/js/graphics.js
  http://pagead2.googlesyndication.com/pagead/abglogo/abg-lv-100c-ffffff.png
  http://adserving.cpxinteractive.com/st?ad_type=popad_size=0x0section=782443banned_pop_types=29pop_times=1pop_frequency=0pop_nofreqcap=1
  http://adserving.cpxinteractive.com/imp?Z=0x0y=29s=782443_salt=1283217428B=10r=1
  http://ad.yieldmanager.com/imp?Z=0x0y=29s=782443_salt=1283217428B=10r=1
  http://ad.yieldmanager.com/imp?Z=0x0y=29s=782443_salt=1283217428B=10r=1SIG=10vfsorlr;x-cookie=rce4nd95aoqzio=4f=ad
  http://cookex.amp.yahoo.com/v2/cexposer/SIG=12gdhjjc5/*http%3A//ad.yieldmanager.com/imp?Z=0x0y=29s=782443_salt=1283217428B=10r=1
  http://adult.oo.lv/ldr/j3_2.php?s=

Reported Infected Country: Belgium, Iceland, Canada, Brazil
Spread Way: Registry Value Creation, Network Spread, E-Mail