Home arrow News arrow Computers arrow Viking.NAE Trojan infects executable files
English Spanish French German Italian Portuguese
Viking.NAE Trojan infects executable files
ImageViking.NAE keeps on growing through network shared resources and once installed, it tries to infect files and executable files. It also try to alter the Windows security configuration to download and execute more malicious codes ignoring the SO protection process.



Viking.NAE sends Protocol packages of message control of Internet to the IP addresses of a possible local network (192.168.0.30 y 192.168.8.1). This ICMP packages allow generate error messages, other error messages for trial  and informative mesaje relates to the IP used to gut the existence of the requested equipment.

When executing the Trojan for the first time, the following files are creates inside the Windows folders:

RUNDL132.EXE (This file pretends to be the truthful RUNDLL32.EXE of Windows slightly altering its name). It enters into the IEXPLORE.EXE  or EXPLORER.EXE when this executed for the firs time). vDll.dll (file created in the folder where this is executed for the first time the Viking.NAE)

RUNDL132.EXE (This file pretends to be the truthful RUNDLL32.EXE of Windows slightly altering its name). It enters into the IEXPLORE.EXE  or EXPLORER.EXE when this executed for the firs time).
vDll.dll (file created in the folder where this is executed for the first time the Viking.NAE)


It can create the following registration code as an infection marker:

HKLM\SOFTWARE\Soft\DownloadWWWauto = "1"

To start together with every Windows start, generate the following entry:

HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windowsload = "c:\windows\rundl132.exe.

The malicious which will look for the download the different sites are:

mx.exe
mx.txt
wow.exe
wow.txt
zt.exe
zt.txt

Viking.NAE omits the search in various, so the content will not be affected by its actions:

Common Files
ComPlus Applications
Documents and Settings
InstallShield Installation Information
Internet Explorer
Messenger
Microsoft Frontpage
Microsoft Office
Movie Maker
MSN
MSN Gamin Zone
NetMeeting
Outlook Express
Program Files
Recycled
system
System Volume Information
system32
windows
Windows Media Player
Windows NT
WindowsUpdate
Winnt

Read more...
 

Search
 

spacer.png, 0 kB
 Copyright © 2006 Eazel. All rights reserved. spacer.png, 0 kB