Worm:Win32/Dorkbot.I is a worm based on IRC communication (DorkBot family) with backdoor features.
Also known as NgrBot, IRCBot.
Like SpyEye, it may capture private user data, such as user names and passwords. The threat may also block some security websites.
Also like SpyEye, it hides its data and actions from view with a user-mode rootkit component. There is no driver on board, and it will be detected by any anti-rootkit.
Hooks:
It installs itself to the %AppData% directory and, after a reboot, loads from
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\
It also downloads other threats (Zeus, in my case: zaberg.exe).
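A check for the persistence described above, as an added example that is not part of the original write-up: it parses the text of a `reg export` and lists the HKCU Run values whose command points into %AppData%. The sample export and every value name in it are constructed, and the code assumes the export was taken where the user-mode hooks are not active (for example, from an offline copy of the hive).

```python
import re

RUN_KEY = r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run"

# Constructed sample of `reg export` text; value names and paths are made up.
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"OneDrive"="\"C:\\Program Files\\Microsoft OneDrive\\OneDrive.exe\" /background"
"Kqxozq"="C:\\Users\\user\\AppData\\Roaming\\Kqxozq.exe"
"Updater"=hex(2):25,00,41,00,70,00,70,00,44,00,61,00,74,00,61,00,25,00,5c,00,\
  75,00,2e,00,65,00,78,00,65,00,00,00

[HKEY_CURRENT_USER\Software\Example]
"Path"="C:\\Users\\user\\AppData\\Roaming\\notes.txt"
'''

def decode_value(raw):
    """Decode a .reg value: "string" (REG_SZ) or hex(2):... (REG_EXPAND_SZ)."""
    if raw.startswith("hex(2):"):
        data = bytes(int(b, 16) for b in raw[7:].split(",") if b.strip())
        return data.decode("utf-16-le").rstrip("\x00")
    if raw.startswith('"') and raw.endswith('"'):
        return re.sub(r"\\(.)", r"\1", raw[1:-1])  # undo \\ and \" escapes
    return None  # dword/binary values cannot hold a command line

def run_entries(export_text):
    """Return {value name: command} for the HKCU Run key in a .reg export."""
    text = export_text.replace("\r\n", "\n").replace("\\\n", "")  # join hex lines
    entries, in_run = {}, False
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("["):
            in_run = line.strip("[]").lower() == RUN_KEY.lower()
        elif in_run and (m := re.match(r'"((?:[^"\\]|\\.)*)"=(.*)$', line)):
            value = decode_value(m.group(2))
            if value is not None:
                entries[m.group(1)] = value
    return entries

def appdata_autoruns(export_text):
    """Run entries whose command points into %AppData% (roaming profile)."""
    hits = {}
    for name, cmd in run_entries(export_text).items():
        low = cmd.lower()
        if "%appdata%" in low or "\\appdata\\roaming\\" in low:
            hits[name] = cmd
    return hits
```

`reg export` writes the file as UTF-16, so read it with `encoding="utf-16"` before passing the text to `appdata_autoruns`.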
Hidden files and keys:
To remove it (with XueTr):
Set the special settings that disable some features of the malware:
Next, delete the files, including the downloaded ones, and the registry values.
After that, perform a special reboot.