W32/Diamin.BZ!tr
Analysis
W32/Diamin.BZ!tr - 06-08-02
General Info:
This threat is a "PE" executable file, with file size 22008
Network/Internet:
- Connects to Server: HTTP
Files:
- Copies itself to: %SystemDirectory%
- Drop files: ".exe"
Installation to System:
- When run, it copies itself to:
%WINDOWS%\NETVISION.exe
- And creates these registry entries:
HKLM\Microsoft\Windows\CurrentVersion\Run "FASTTRACKNETVISION" = "%WINDOWS%\NETVISION.exe -A"
More Info:
The NETVISION process, which is a copy of the virus, dials the IP addresses 212.39.31.12, 212.39.26.68 and 67.15.56.69 through the modem. It creates a service named Telephony, then sets the service status to Running.