HTML-Scriptvirus HTML/LowZones.AP

Cyric

File:

winsystem.exe Status: INFECTED/MALWARE
MD5 0bbc5f25fbc1d2118c066faa14f04e3c Packers detected: PE_PATCH.MORPHINE, MORPHINE, UPX
Scanner results
AntiVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found Backdoor.RBot.E14E4607
ClamAV Found nothing
Dr.Web Found Win32.HLLW.MyBot.based
F-Prot Antivirus Found nothing
Fortinet Found nothing
Kaspersky Anti-Virus Found Backdoor.Win32.Rbot.gen
mks_vir Found Win32.4 (probable variant)
NOD32 Found probably unknown NewHeur_PE (probable variant)
Norman Virus Control Found Sandbox: W32/Backdoor; [ General information ]

* **Locates window "NULL [class mIRC]" on desktop.
* File length: 99328 bytes.

[ Changes to filesystem ]
* Creates file C:\WINDOWS\SYSTEM\winsystem.exe.
* Deletes file 1.

[ Changes to registry ]
* Creates value "startwinsystem"="winsystem.exe" in key "HKLM\Software\Microsoft\Windows\CurrentVersion\Run".
* Creates value "startwinsystem"="winsystem.exe" in key "HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices".
* Creates value "startwinsystem"="winsystem.exe" in key "HKCU\Software\Microsoft\Windows\CurrentVersion\Run".

[ Network services ]
* Looks for an Internet connection.
* Connects to "whiteflag.afraid.org" on port 6667 (TCP).
* Connects to IRC server.

[ Security issues ]
* Possible backdoor functionality [Authenticate] port 113.

[ Process/window information ]
* Creates a mutex Drego_UP v1.1.
* Will automatically restart after boot (I'll be back...).
VBA32 Found nothing

das hat jotti ausgespuckt.

dann werde icke mir mal TOSW5.0 holen.
sage mal wo kann man die ganzen updates von windows sich holen (zwecks cd)