W32/Diamin.BZ!tr - 06-08-02
This threat is a "PE" executable file with a file size of 22008.
- Connects to Server: HTTP
- Copies itself to: %SystemDirectory%
- Drops files: ".exe"
Installation to System:
- When run, it copies itself to:
- And creates these registry entries:
HKLM\Microsoft\Windows\CurrentVersion\Run "FASTTRACKNETVISION" = "%WINDOWS%\NETVISION.exe -A"
The NETVISION process, which is a copy of the virus, will dial the IPs 126.96.36.199, 188.8.131.52 and 184.108.40.206 through the modem. It will create a service named Telephony, then set the service status to Running.