Datenrettung    News    Datenretter

Glossar    Erste Hilfe    Datenbackup    Computer & Hardware    News    Glossar    Viren & Trojaner    Viren-Katalog    AntiViren-Tools    Hack-Angriffe    Internes    Startseite    Partner    Sitemap    Unsere Banner    Presseinfo    Kontakt    Impressum

Viren : Virenkatalog A B C D E F G H I J K L M N O P Q R S T U V W X Y Z 0-9 I-Worm.Bagle.J Alias: W32.Beagle.J@mm I-Worm.Bagle.J ist ein E-Mail-Wurm, es wird die eigene SMTP Engine verwendet. Er hat die Größe von 12288 Bytes und spiegelt vor allem Privatanwendern vor, daß der Absender der eigene Provider ist. Die E-Mail-Adressen sucht sich I-Worm.Bagle.J in Dateien mit folgenden Endungen: .WAB,.TXT,.MSG,.HTM,.XML,.DBX,.MDX,.EML,.NCH,.MMF,.ODS,.CFG,.ASP,.PHP,.PL, .ADB,.TBB,.SHT,.UIN,.CGI I-Worm.Bagle.J fügt folgenden Wert HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run ssate.exe = \i11r54n4.exe in der Registrierung hinzu. Der Wurm kopiert sich im infizierten System unter %System%\irun4.exeopen Hinweis: %System% ist eine Systemvariable, die den tatsächlichen Dateipfad enthält. I-Worm.Bagle.J orientiert sich an der Windows-Installation Es wird TCP-Port 2745 geöffnet. Folgende Prozesse werden versucht zu beenden: ATUPDATER.EXE AVWUPD32.EXE AVPUPD.EXE LUALL.EXE DRWEBUPW.EXE ICSSUPPNT.EXE ICSUPP95.EXE UPDATE.EXE NUPGRADE.EXE ATUPDATER.EXE AUPDATE.EXE AUTODOWN.EXE AUTOTRACE.EXE AUTOUPDATE.EXE AVXQUAR.EXE CFIAUDIT.EXE MCUPDATE.EXE NUPGRADE.EXE OUTPOST.EXE AVLTMAIN.EXE Das E-Mail hat folgendes Aussehen: Betreff: E-mail account security warning. Notify about using the e-mail account. Warning about your e-mail account. Important notify about your e-mail account. Email account utilization warning. Notify about your e-mail account utilization. E-mail account disabling warning. Inhalt: Dear user of , Dear user of gateway e-mail server, Dear user of e-mail server "", Hello user of e-mail server, Dear user of "" mailing system, Dear user, the management of mailing system wants to let you know that, "Your e-mail account has been temporary disabled because of unauthorized access." "Our main mailing server will be temporary unavaible for next two days, to continue receiving mail in these days you have to configure our free auto-forwarding service." "Your e-mail account will be disabled because of improper using in next three days, if you are still wishing to use it, please, resign your account information." "We warn you about some attacks on your e-mail account. Your computer may contain viruses, in order to keep your computer and e-mail account safe, please, follow the instructions." "Our antivirus software has detected a large ammount of viruses outgoing from your email account, you may use our free anti-virus tool to clean up your computer software." "Some of our clients complained about the spam (negative e-mail content) outgoing from your e-mail account. Probably, you have been infected by a proxy-relay trojan server. In order to keep your computer safe, follow the instructions." anschließend: "For more information see the attached file." "Further details can be obtained from attached file." "Advanced details can be found in attached file." "For details see the attach." "For details see the attached file." "For further details see the attach." "Please, read the attach for further details." "Pay attention on attached file." bzw.: "For security reasons attached file is password protected. The password is ""." "For security purposes the attached file is password protected. Password is ""." "Attached file protected with the password for security reasons. Password is ." "In order to read the attach you have to use the following password: ." weiters: "Sincerely," "Best wishes," "Have a good day," "Cheers," "Kind regards," "The Management," zum Schluß: The team http://www. Anhang (.ZIP-Datei): Attach Information Readme Document TextDocument TextFile MoreInfo Message I-Worm.Bagle.J versucht durch entsprechende Remote-Befehle Dateien herunterzuladen und Anti-Virenprogramme zu beenden. Außerdem sucht er sich Ordner, in denen der Namen ".Shar" enthalten ist: Microsoft Office 2003 Crack, Working!.exe Microsoft Office XP working Crack, Keygen.exe Microsoft Windows XP, WinXP Crack, working Keygen.exe Porno Screensaver.scr Porno, sex, oral, anal cool, awesome!!.exe Porno pics arhive, xxx.exe Serials.txt.exe Windown Longhorn Beta Leak.exe Windows Sourcecode update.doc.exe XXX hardcore images.exe Opera 8 New!.exe WinAmp 5 Pro Keygen Crack Update.exe WinAmp 6 New!.exe Matrix 3 Revolution English Subtitles.exe Adobe Photoshop 9 full.exe Ahead Nero 7.exe ACDSee 9.exe Wird I-Worm.Bagle.J im Jahr 2005 oder später durchgeführt, wird der Wurm und sämtliche Einträge in der Registry gelöscht. In der Codierung von I-Worm.Bagle-J ist folgender Text versteckt, der jedoch nicht sichtbar ist: Hey,NetSky, fuck off you bitch, don't ruine our bussiness, wanna start a war? Entfernung: Sperren Sie die System-Wiederherstellung (Windows Me/XP). Aktualisieren Sie die Virusdefinitionen. Löschen Sie den Wert, den die Endlosschleife der Registry hinzufügte. Linktipps: Massage Wien