Email-Worm.Win32.Agent.cg

From Total Malware Info


This worm is designed for sending spam. It is a Windows PE executable file. The unpacked file is 59392 bytes in size.

Installation

Trojan-Downloader.Win32.Diehard.di installs this worm by registering it in the address space of the system process svchost.exe.

Payload

The malware is designed to build bot networks for sending spam. It collects information about the victim machine (IP address, port, computer name, user name) and sends it to the intruder through these mail servers:

  • mxs.***l.ru
  • gm**8-smtp-in.l.g**8le.com
  • gsmtp183.g**8le.com
  • in1.smtp.messa|***gengine.com
  • mail7.dig***waves.co.nz

The bot creates unique IDs to identify itself:

  • dsfmjjh44fg
  • hrt43edrhhr
  • th4533hh555
  • crypt32LogoffPortEvent
  • memoryallocblock
  • zone_dns_mutex

To activate its code, it uses the following phrase:

  • Poshel-ka ti na hui drug aver

Removal Instructions

  1. Using Task Manager, terminate the process svhost.exe.
  2. Use Kaspersky Anti-Virus to delete the worm. Update your antivirus databases and perform a full scan of the computer.