Free Trojan Mitglieder removal tool
Friday, 04 November 2005
Panda Software has made the free PQREMOVE utility available to all users to effectively detect and eliminate Mitglieder.FK, which has caused a significant number of infections over the last few hours.

Download security software: Free Trojan Mitglieder removal tool

Developer: Panda Software

According to data from Panda ActiveScan, Panda Software's online antivirus solution, the four variants of Mitglieder mentioned above have been the most frequently detected threats around the world. The first variant to appear, FK, spreads in emails with a blank subject and a message text that includes words such as "Texte" or "Info". The emails carry a .ZIP attachment with a variable name (Health_and_knowledge, Txt_sms, Max, Business, The_new_price, Info_prices or Business_dealing). The archive contains an .EXE file, which installs Mitglieder.FK on the computer when it is run.
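The delivery traits described above can be checked at a mail gateway or during mailbox triage. The following Python sketch is an added example, not Panda Software's code: the function names and the trait labels are assumptions made here, and the sample message is constructed with a harmless placeholder inside the archive.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Traits of Mitglieder.FK lure mail as listed in the article.
LURE_NAMES = {"health_and_knowledge", "txt_sms", "max", "business",
              "the_new_price", "info_prices", "business_dealing"}
BODY_WORDS = ("texte", "info")  # loose substring match, weak signal on its own

def exe_members(zip_bytes):
    """Names of .exe entries inside a ZIP; [] if the archive is unreadable."""
    try:
        with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
            return [n for n in zf.namelist() if n.lower().endswith(".exe")]
    except zipfile.BadZipFile:
        return []

def triage(raw):
    """Return the article-described traits found in one raw RFC 5322 message."""
    msg = message_from_bytes(raw, policy=policy.default)
    hits = []
    if not (msg["Subject"] or "").strip():
        hits.append("blank-subject")
    body = msg.get_body(preferencelist=("plain",))
    if body is not None and any(w in body.get_content().lower() for w in BODY_WORDS):
        hits.append("body-keyword")
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        if not name.endswith(".zip"):
            continue
        if name[:-4] in LURE_NAMES:
            hits.append("lure-zip-name")
        if exe_members(part.get_payload(decode=True)):
            hits.append("exe-in-zip")
    return hits

def sample_message(subject, text, zip_name, member):
    """Constructed test mail; the archive member holds harmless placeholder bytes."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(member, b"constructed placeholder, not a program")
    msg = EmailMessage()
    msg["From"], msg["To"] = "a@example.test", "b@example.test"
    if subject:
        msg["Subject"] = subject
    msg.set_content(text)
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename=zip_name)
    return msg.as_bytes()
```

An executable inside a ZIP is the strongest of the four signals; the blank subject and body keywords are only useful in combination with it.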

The FK, FL and FN variants of Mitglieder share the following characteristics:

- Once installed on a computer, and using a PHP script, they try to download a file from different web pages. Once it is downloaded, they save it in the EXEFLD subfolder of the Windows directory, using a random number as the file name, and then run it.

- They create the HLOADER_EXE.EXE file, a copy of the Trojan itself, which in turn generates the HLEADER_DLL.DLL file the next time the computer is started up. The latter is injected in the EXPLORER.EXE process and is responsible for carrying out the Trojan's actions.

The actions that the FM variant of Mitglieder takes on the computers it infects include:

- Preventing access to certain web pages, in particular those belonging to antivirus companies.

- Disabling system services related to several antivirus and security products.

- Deleting Windows registry editing tools.

Finally in today's report we will look at Bagle.FN, a worm that sends a copy of the Mitglieder.FK Trojan to all addresses it collects from the compromised computer.

Bagle.FN spreads in an email message that tries to trick users into believing that the message attachment is a computer program, images, etc. It also spreads via the Internet, attacking IP addresses (obtained at random or from the infected computer's network) by exploiting a vulnerability or through an open port.

Bagle.FN tries to download several files from different websites in order to run them on the computer, and deletes Windows registry entries associated with other malware specimens.
© 2004-2007 Daita.org