|
Trojan.Clicker.NetBuie a- Viruses Information
| Name: |
Trojan.Clicker.NetBuie a- |
| Category: |
Viruses |
| Description:
|
Details
Trojan.Clicker.NetBuie a-b
NetBuie is a trojan horse that carries out periodic "clicks" or "hits" on banners held by the person or persons who created this virus; the purpose rating (value). The virus is a self-extracting ZIP-archive containing two EXE-files. Both files are written in Visual Basic 6.0 and is being distributed under the appearance of an XBox emulator.
Below are descriptions for NetBuie variants A and B:
NetBuie.a
Upon launching this variant of the NetBuie Trojan it unpacks the two EXE-files into the Windows system directory under the names %WinDir%SystemNBConfig.exe and %WinDir%SystemNetBUIE.exe.
Next it creates new key in the register:
[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRun]
"NetBUIE"="C:\windows\system\NetBUIE.exe"
Once this is done Netbuie executes the file NBConfig.exe and them displays the following false message:
NetBuie then starts the NetBUIE.exe program that periodically and clandestinely starts the web-browser and directs it to one of three web addresses:
http://hg1.hitbox.com/HG?hc=w114&cd=1&hb=WQ500421D7CZ38EN0&n=Stealth4
http://fastcounter.bcentral.com/fastcounter?1817391+3634789
http://www.scorpionsearch.com/admin.html
NetBuie.b
Upon launching this variant of the NetBuie Trojan it unpacks the EXE-files into the Windows system directory under the names %WinDir%SystemDConfig.exe ³ %WinDir%SystemStealthXP.exe.
Next it creates new key in the register:
[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRun]
"NetBUIE"=""
"StealthXP"="C:\WINDOWS\SYSTEM\StealthXP.exe"
Once this is done Netbuie executes the file DConfig.exe and them displays the following false message:
NetBuie then starts the StealthXP.exe program that periodically and clandestinely starts the web-browser and directs it to one of three web addresses:
http://hg1.hitbox.com/HG?hc=w114&cd=1&hb=WQ500421D7CZ38EN0&n=Stealth4
http://fastcounter.bcentral.com/fastcounter?1817391+3634789
http://www.scorpionsearch.com/admin.html |
Top Viruses Visited Pages:
Invader. - 239 visits
not-a-virus:RiskWare.Tool.RegPatch. - 73 visits
Worm.P2P.Harex. - 66 visits
not-a-virus:RemoteAdmin.Win32.RAdmin.2 - 60 visits
Small.58. - 56 visits
Coito.64 - 54 visits
I-Worm.Mapson. - 48 visits
Win32.Hidra - 43 visits
Win16.Klon.1177 - 42 visits
Marine.500 - 35 visits
Random Viruses Pages:
Chapa Famil
Otti Famil
Polymorph.92
Rider.57
Urke
Dotter.396
Wally.102
Quox.
VLAD.Antipode.108
Locust Famil
|
