Trojaner-Board - Dialer - rdgFR1882.exe

Dein Betreff ist schlecht gewählt. Hilfe brauchen hier viele.

zu 1) Dailer? Dialer (von to dial (engl.) = wählen)! Dialer können prinzipiell jede Nummer wählen, es gilt allerdings http://www.dialerschutz.de/faq.php#4

zu 2) Wenn es die Datei ist, die man über Google bekommen kann, dann ja:

Code:

 File:           rdgFR1882.exe

Status:         

INFECTED/MALWARE (Note: this file has been scanned before. Therefore, this file's scan results will not be stored in the database)

MD5         293248be692f66ea8732eeb1e314457a

Packers detected:         

YODA

Scanner results

AntiVir         

Found nothing

Avast         

Found nothing

AVG Antivirus         

Found nothing

BitDefender         

Found Trojan.Dialer.HT

ClamAV         

Found Dialer-306

Dr.Web         

Found Trojan.DownLoader.2044

F-Prot Antivirus         

Found nothing

Fortinet         

Found nothing

Kaspersky Anti-Virus         

Found Trojan.Win32.Dialer.ht

mks_vir         

Found Win32.4 (probable variant)

NOD32         

Found Win32/Dialer.NAD

Norman Virus Control         

Found Sandbox: W32/Dialer; [ General information ]
 

* File length: 28368 bytes.
 

[ Changes to filesystem ]

* Creates file C:\WINDOWS\SYSTEM\Loader.dll.
 

[ Changes to registry ]

* Creates key "HKLM\Software\Classes\CLSID\{2E246FAE-8420-11D9-870D-000C2917DE7F}".

* Sets value "default"="Loader Class" in key "HKLM\Software\Classes\CLSID\{2E246FAE-8420-11D9-870D-000C2917DE7F}".

* Creates key "HKLM\Software\Classes\CLSID\{2E246FAE-8420-11D9-870D-000C2917DE7F}\InprocServer32".

* Sets value "default"="C:\WINDOWS\SYSTEM\Loader.dll" in key "HKLM\Software\Classes\CLSID\{2E246FAE-8420-11D9-870D-000C2917DE7F}\InprocServer32".

* Sets value "ThreadingModel"="Apartment" in key "HKLM\Software\Classes\CLSID\{2E246FAE-8420-11D9-870D-000C2917DE7F}\InprocServer32".

* Creates key "HKLM\Software\Classes\CLSID\{2E246FAE-8420-11D9-870D-000C2917DE7F}\ProgID".

* Sets value "default"="Loader.LoaderObj.1" in key "HKLM\Software\Classes\CLSID\{2E246FAE-8420-11D9-870D-000C2917DE7F}\ProgID".

* Creates key "HKLM\Software\Classes\CLSID\{2E246FAE-8420-11D9-870D-000C2917DE7F}\Programmable".

* Sets value "default"="" in key "HKLM\Software\Classes\CLSID\{2E246FAE-8420-11D9-870D-000C2917DE7F}\Programmable".

* Creates key "HKLM\Software\Classes\CLSID\{2E246FAE-8420-11D9-870D-000C2917DE7F}\TypeLib".

* Sets value "default"="{FA5E664F-F78C-407A-AC4C-F8DC7FF394B9}" in key "HKLM\Software\Classes\CLSID\{2E246FAE-8420-11D9-870D-000C2917DE7F}\TypeLib".

* Creates key "HKLM\Software\Classes\CLSID\{2E246FAE-8420-11D9-870D-000C2917DE7F}\VersionIndependentProgID".

* Sets value "default"="Loader.LoaderObj" in key "HKLM\Software\Classes\CLSID\{2E246FAE-8420-11D9-870D-000C2917DE7F}\VersionIndependentProgID".

* Creates key "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2E246FAE-8420-11D9-870D-000C2917DE7F}".

VBA32         

Found !Trojan.Downloader.Small.12 (probable variant)

Kannst du selbst überprüfen unter http://virusscan.jotti.org/

Gruß :daumenhoc
Yopie