Trojan.Siggen4.11413

Added to the Dr.Web virus database: 2012-07-17

Virus description added: 2012-08-07

Technical Information

Malicious functions:

Executes the following:

<SYSTEM32>\net1.exe stop AVSYNMGR /y
<SYSTEM32>\net1.exe stop AVGUARD.exe /y
<SYSTEM32>\net.exe stop Avwupd32.exe /y
<SYSTEM32>\net.exe stop Avwin95.exe /y
<SYSTEM32>\net1.exe stop AVSync Manager /y
<SYSTEM32>\net.exe stop BlackICE Defender /y
<SYSTEM32>\net1.exe stop Avwin.exe /y
<SYSTEM32>\net1.exe stop AVGNT.exe /y
<SYSTEM32>\net.exe stop Blackd.exe /y
<SYSTEM32>\net.exe stop BLACKICE /y
<SYSTEM32>\net.exe stop Avwin.exe /y
<SYSTEM32>\net.exe stop AVSYNMGR /y
<SYSTEM32>\net1.exe stop Avpm.exe /y
<SYSTEM32>\net1.exe stop Avpdos32.exe /y
<SYSTEM32>\net1.exe stop Avpcc.exe /y
<SYSTEM32>\net.exe stop AVSync Manager /y
<SYSTEM32>\net.exe stop AVGNT.exe /y
<SYSTEM32>\net1.exe stop Avsched32.exe /y
<SYSTEM32>\net1.exe stop Avpupd.exe /y
<SYSTEM32>\net.exe stop AVGUARD.exe /y
<SYSTEM32>\net1.exe stop Avptc32.exe /y
<SYSTEM32>\net.exe stop Blackice.exe /y
<SYSTEM32>\net1.exe stop Cfiadmin.exe /y
<SYSTEM32>\net.exe stop Claw95.exe /y
<SYSTEM32>\net.exe stop Cfinet32.exe /y
<SYSTEM32>\net.exe stop CFINET32 /y
<SYSTEM32>\net1.exe stop CA Sessionwall-3 /y
<SYSTEM32>\net.exe stop Cleaner.exe /y
<SYSTEM32>\net1.exe stop Cfinet.exe /y
<SYSTEM32>\net1.exe stop CFINET /y
<SYSTEM32>\net1.exe stop Cfiaudit.exe /y
<SYSTEM32>\net.exe stop Claw95cf.exe /y
<SYSTEM32>\net1.exe stop Blackice.exe /y
<SYSTEM32>\net.exe stop Cfiadmin.exe /y
<SYSTEM32>\net1.exe stop Blackd.exe /y
<SYSTEM32>\net1.exe stop Avwupd32.exe /y
<SYSTEM32>\net1.exe stop Avwin95.exe /y
<SYSTEM32>\net.exe stop CA Sessionwall-3 /y
<SYSTEM32>\net.exe stop CFINET /y
<SYSTEM32>\net.exe stop Cfinet.exe /y
<SYSTEM32>\net1.exe stop BlackICE Defender /y
<SYSTEM32>\net.exe stop Cfiaudit.exe /y
<SYSTEM32>\net1.exe stop BLACKICE /y
<SYSTEM32>\net.exe stop Avsched32.exe /y
<SYSTEM32>\net1.exe stop Agnitum Outpost Firewall /y
<SYSTEM32>\net.exe stop AVCONSOL /y
<SYSTEM32>\net.exe stop Autodown.exe /y
<SYSTEM32>\net.exe stop ATRACK /y
<SYSTEM32>\net1.exe stop Ackwin32.exe /y
<SYSTEM32>\net.exe stop Ave32.exe /y
<SYSTEM32>\net1.exe stop Apvxdwin.exe /y
<SYSTEM32>\net1.exe stop ANTIVIR /y
<SYSTEM32>\net1.exe stop Anti-Trojan.exe /y
<SYSTEM32>\net.exe stop Avconsol.exe /y
<SYSTEM32>\net1.exe stop _Avpm.exe /y
<SYSTEM32>\net.exe stop Ackwin32.exe /y
<SYSTEM32>\net.exe stop Agnitum Outpost Firewall /y
<SYSTEM32>\net.exe stop _Avpm.exe /y
<SYSTEM32>\net.exe stop _Avp32.exe /y
<SYSTEM32>\net.exe stop _Avpcc.exe /y
<SYSTEM32>\net1.exe stop _Avpcc.exe /y
<SYSTEM32>\net.exe stop Apvxdwin.exe /y
<SYSTEM32>\net.exe stop ANTIVIR /y
<SYSTEM32>\net.exe stop Anti-Trojan.exe /y
<SYSTEM32>\net1.exe stop _Avp32.exe /y
<SYSTEM32>\net.exe stop Avgctrl.exe /y
<SYSTEM32>\net.exe stop Avpdos32.exe /y
<SYSTEM32>\net1.exe stop Avp.exe /y
<SYSTEM32>\net.exe stop Avpcc.exe /y
<SYSTEM32>\net.exe stop Avp32.exe /y
<SYSTEM32>\net1.exe stop Avnt.exe /y
<SYSTEM32>\net1.exe stop Avp32.exe /y
<SYSTEM32>\net.exe stop Avpupd.exe /y
<SYSTEM32>\net1.exe stop AVP32 /y
<SYSTEM32>\net.exe stop Avpm.exe /y
<SYSTEM32>\net.exe stop Avptc32.exe /y
<SYSTEM32>\net1.exe stop Avkserv.exe /y
<SYSTEM32>\net1.exe stop AVCONSOL /y
<SYSTEM32>\net.exe stop Avnt.exe /y
<SYSTEM32>\net.exe stop Avkserv.exe /y
<SYSTEM32>\net1.exe stop ATRACK /y
<SYSTEM32>\net1.exe stop Autodown.exe /y
<SYSTEM32>\net1.exe stop Avgctrl.exe /y
<SYSTEM32>\net.exe stop AVP32 /y
<SYSTEM32>\net1.exe stop Ave32.exe /y
<SYSTEM32>\net.exe stop Avp.exe /y
<SYSTEM32>\net1.exe stop Avconsol.exe /y

Modifies file system :

Creates the following files:

テクノロジー

用語

トレーニングコースおよび啓蒙プロジェクト

アンチウイルスに関する誤解と噂

Technical Information

Curing recommendations

Free trial