|
TrojanDownloader.Win32.Ultimx. Viruses Information
| Name: |
TrojanDownloader.Win32.Ultimx. |
| Category: |
Viruses |
| Description:
|
Details
TrojanDownloader.Win32.Ultimx.a
Ultimix is "downloader" trojan which downloads a given file from a site and then tries to copy it to the computers accessible on a network. The trojan program itself is a Windows PE EXE file about 28KB in length (when compressed by UPX, the unpacked file size is about 60KB) and written in MS Visual C++.
When the trojan code is run the trojan installs itself into the system. It copies itself to the Windows system directory and registers this copy in the system registry auto-run key:
[HKCUSoftwareMicrosoftWindowsCurrentVersionRun]
rdvs = %worm file name%
The "worm file name" can vary. Next the trojan tries to download a file from the site at http://www.ultimxxx.net/exefiles and saves it under the names DIALER.EXE or DIALER123.EXE.
After this the trojan starts to scan a network. When it finds a computer that is giving resources for general network purposes, it copies to this computer the file:
DIALER123.exe
The files DIALER.EXE or DIALER123.EXE represent the program that performs a call-back for and the establishment of a modem connections with private servers with pornographic contents (see "not-a-virus:Pornodial.generic"). |
Top Viruses Visited Pages:
Invader. - 239 visits
not-a-virus:RiskWare.Tool.RegPatch. - 72 visits
Worm.P2P.Harex. - 66 visits
not-a-virus:RemoteAdmin.Win32.RAdmin.2 - 60 visits
Small.58. - 56 visits
Coito.64 - 54 visits
I-Worm.Mapson. - 48 visits
Win16.Klon.1177 - 42 visits
Win32.Hidra - 42 visits
Marine.500 - 35 visits
Random Viruses Pages:
Macro.Word.Cloc
Trojan-Downloader.Win32.Small.c
Win32.InvictusDLL.09
WScript.KakWor
Blinker.51
Spic.99
Muminki.90
Elf.264
Rasek.1489.
Macro.Word97.Jedi_Magi
|
