Malware: 73_TDL3_24.02.2010_TDL3.27.exe
Malware: C:\sand-box\73_TDL3_24.02.2010_TDL3.27.exe
—————————————————————————————————————————-
Classification:
| Antivirus | Version | Last Update | Result |
|---|---|---|---|
| F-Secure | 9.0.15370.0 | 2010.03.02 | Gen:Heur.Krypt.8 |
| Kaspersky | 7.0.0.125 | 2010.03.02 | Trojan-GameThief.Win32.Magania.cwgq |
| McAfee | 5907 | 2010.03.01 | DNSChanger.at |
| Microsoft | 1.5502 | 2010.03.02 | Trojan:Win32/Alureon.CT |
| NOD32 | 4909 | 2010.03.02 | a variant of Win32/Kryptik.CPZ |
—————————————————————————————————————————-
Additional information
File size: 80896 bytes
MD5 : 11f1560e6f0d5f85a18dfe99b4be1174
SHA1 : 71e071761c37d94647083508d6c6c413b0ba9246
SHA256: 8115dac8ce2f5e6edf66632c1a47b7e562359838db416079a02efe7abd5e6947
—————————————————————————————————————————-
Installation
When the program is executed, it creates the following registry subkeys and values:
———————————-
Values modified:1
———————————-
(-) HKLM\Software\Microsoft\DrWatson\NumberOfCrashes: 0x00000000
(+) HKLM\Software\Microsoft\DrWatson\NumberOfCrashes: 0x00000001
———————————-
Files added:3
———————————-
C:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\drwtsn32.log
C:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\user.dmp
C:\WINDOWS\Temp\Perflib_Perfdata_3c4.dat
———————————-
Files deleted:1
———————————-
C:\sand-box\73_TDL3_24.02.2010_TDL3.27.exe
———————————-
Folders added:1
———————————-
C:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson
———————————-
Files [attributes?] modified:1
———————————-
C:\WINDOWS\SYSTEM32\DRIVERS\ATAPI.SYS
———————————-
Total changes:7
———————————-
—————————————————————————————————————————-
Recommended software:
UnHackMe anti-rootkit and anti-malware
http://www.unhackme.com
RegRun Security Suite (Good choice for removal and protection)
http://www.regrun.com