BitDefender Antivirus

Trojan.Patched.V

(Trj/Agent.FTI, Win32:Small-DKF[Trj])
Spread: medium
Damage: medium
Size: 30k
Discovered: 2007 Jun 21

SYMPTOMS:

    The firewall detects connection requests to the sites wikipedia.org, myspace.com, youtube.com, yahoo.com and www.google.com.
    The HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad registry key contains an entry for a file with a suspicious name, that is, a name that belongs neither to the operating system files nor to the applications installed by the user.


TECHNICAL DESCRIPTION:

    A mutex named updater3 is created so that only one instance of the malware runs at a time.
    The malware checks whether an internet connection is available by trying to reach www.google.com and by sending ICMP echo requests to wikipedia.org, myspace.com, youtube.com and yahoo.com.
    If the sites can be reached, the malware downloads an executable file, verifies its MZ signature and executes it.
    Trojan.Patched.V has backdoor capabilities: it listens on some ports and accepts connections from multiple clients.
    It creates an entry in the registry key Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad so that it is loaded at every system restart.
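As an added defender-side check (example code, not part of the BitDefender entry), the following PowerShell inspects the two host indicators named above: it tests whether the updater3 mutex is present, and it enumerates the ShellServiceObjectDelayLoad key, resolves each value to the file it loads and flags anything that is unsigned or outside the Windows directory. It assumes the mutex may live in either the session-local or the Global namespace and that a value may hold either a CLSID or a file name, since the entry does not say.

```powershell
# Added detection example, not from the BitDefender entry: checks the 'updater3'
# mutex and the ShellServiceObjectDelayLoad (SSODL) persistence key. Reading needs no elevation.
$SsodlKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad'
function Test-MutexPresent {
    param([string]$Name)
    # The advisory gives only the name, so the session-local and Global namespaces are both tried (assumption).
    foreach ($candidate in @($Name, "Global\$Name")) {
        try {
            $m = [System.Threading.Mutex]::OpenExisting($candidate)
            $m.Dispose()
            return $true
        } catch [System.Threading.WaitHandleCannotBeOpenedException] { }
        catch [System.UnauthorizedAccessException] { return $true }   # exists, but owned by another account
    }
    return $false
}
function Resolve-SsodlTarget {
    param([string]$Data)
    # Legitimate SSODL values hold a CLSID; the DLL actually loaded is that CLSID's InprocServer32.
    if ($Data -match '^\{[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$') {
        foreach ($root in 'HKLM:\SOFTWARE\Classes\CLSID', 'HKCU:\SOFTWARE\Classes\CLSID') {
            $srv = Get-Item -Path "$root\$Data\InprocServer32" -ErrorAction SilentlyContinue
            if ($srv) { return [string]$srv.GetValue('') }   # GetValue expands REG_EXPAND_SZ
        }
        return $null
    }
    # The advisory describes the value naming a file directly.
    return [Environment]::ExpandEnvironmentVariables($Data)
}
function Get-SsodlReport {
    $key = Get-Item -Path $SsodlKey -ErrorAction SilentlyContinue
    if (-not $key) { return @() }
    foreach ($name in $key.GetValueNames()) {
        $data   = [string]$key.GetValue($name)
        $target = Resolve-SsodlTarget $data
        $status = 'UNRESOLVED'; $signer = ''
        if ($target -and (Test-Path -LiteralPath $target)) {
            $sig    = Get-AuthenticodeSignature -FilePath $target   # consults catalog signatures on supported Windows
            $signer = $sig.SignerCertificate.Subject
            $inSys  = $target -like "$env:SystemRoot\*"
            $status = if ($sig.Status -eq 'Valid' -and $inSys) { 'ok' } else { 'SUSPECT' }
        }
        [pscustomobject]@{ Name = $name; Data = $data; Target = $target; Signer = $signer; Status = $status }
    }
}
if (Test-MutexPresent 'updater3') { Write-Warning "Mutex 'updater3' exists: a matching process may be running" }
Get-SsodlReport | Sort-Object Status | Format-Table -AutoSize
```

Any row marked SUSPECT or UNRESOLVED deserves a closer look, since the key normally holds only CLSIDs that resolve to signed Windows DLLs.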

REMOVAL INSTRUCTIONS:

Please let BitDefender disinfect your files.

ANALYZED BY:

Boeriu Laura, virus researcher