super hidden bridge.dll and jao.dll

http://www.computercops.biz/postt32527.html

and

VSantivirus No. 1401, Year 8, Friday, May 7, 2004

Troj/Briss.A. Added by the search engine "BlazeFind"
http://www.vsantivirus.com/troj-briss-a.htm

Name: Troj/Briss.A
Type: Trojan horse (Spyware)
Alias: Briss, Win32/Spy.Briss.H, Briss.A, TrojanSpy.Win32.Briss, TrojanSpy.Win32.Briss.H, Trj/Briss.A, Keylog-Briss
Variants: Troj/Briss.B, Troj/Briss.C, Troj/Briss.D, Troj/Briss.E, Troj/Briss.F, Troj/Briss.G, Troj/Briss.H
Date: 28/Apr/04
Platform: Windows 32-bit

Briss is spyware created by BlazeFind, a web search engine. It is usually installed without any warning or notification, and afterwards takes charge of redirecting every search made by the user.

The main component of this trojan integrates into Internet Explorer as a BHO (Browser Helper Object). A BHO is a DLL that attaches itself to Internet Explorer each time it starts and is able to execute predetermined events. In this case, it creates a search bar in the Internet Explorer interface.

The trojan updates itself automatically, sending information about the user, hard disks and operating system to its creators.

The main file is an installer that, without any warning, creates the following files:

c:\windows\system\a.exe
c:\windows\system\bridge.dll
c:\windows\system\jao.dll

NOTE: "c:\windows\system" can vary according to the installed operating system (it has that name by default in Windows 9x and ME, and is "c:\winnt\system32" in Windows NT and 2000 and "c:\windows\system32" in Windows XP and Windows Server 2003).

****************

Briss.A

Threat Level: Moderate
Distribution: Medium
Damage: Low

The Threat Level varies according to the Distribution and Damage levels.

Effects

Briss.A has the following effects:

• It goes memory resident.
• It installs other malware in the affected computer, every 24 hours, without the user's consent.
In order to do so, Briss.A uses a list of programs taken from the web site www2.flingstone.com. Some of the malware installed are: Adware/180Solutions, Trj/Revop.F, Adware/Searchcentrix, etc.

It has other functionalities, such as detecting if certain combinations of keys are pressed.

Infection strategy

Briss.A creates the following files in the Windows system directory:

• A.EXE.
• BRIDGE.DLL and JAO.DLL. These files are DLLs (Dynamic Link Libraries).

Briss.A creates the following entries in the Windows Registry:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
RunDLL = rundll32.exe %sysdir%\bridge.dll, Load

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Systray = %sysdir%\a.exe

where %sysdir% is the Windows system directory. By creating these entries, Briss.A ensures it is run whenever Windows is started.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9C691A33-7DDA-4C2F-BE4C-C176083F35CF}
HKEY_CLASSES_ROOT\Bridge.brdg

Briss.A registers the Browser Helper Object (an Internet Explorer toolbar) BRIDGE.DLL in these entries.

Means of transmission

Briss.A does not spread automatically using its own means. It needs the attacking user's intervention in order to reach the affected computer.
The means of transmission used include, among others, floppy disks, CD-ROMs, e-mail messages with attached files, Internet downloads, FTP, IRC channels, peer-to-peer (P2P) file sharing networks, etc.

Panda can clean it if you set Panda to clean it
http://www.pandasoftware.com/virus_info/encyclopedia/overview.aspx?lst=sol&idvirus=46978

The trojan creates the following entries so that it runs each time Windows restarts:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
RunDLL = rundll32.exe c:\windows\system\bridge.dll, Load
Systray = c:\windows\system\a.exe

HKLM\SOFTWARE\Classes\CLSID\{9c691a33-7dda-4c2f-be4c-c176083f35cf}
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9c691a33-7dda-4c2f-be4c-c176083f35cf}
HKEY_CLASSES_ROOT\Bridge.brdg

This loads BRIDGE.DLL into memory in every Windows session that is started.

The spyware connects to the site "www2.flingstone.com", reporting the collected data and downloading and installing updates of itself.

Automatic uninstall procedure:

Select "Flingstone Bridge" in "Add or Remove Programs" in the Control Panel and click "Remove".

Manual repair

Note: We recommend using a firewall program such as ZoneAlarm, which will block and warn about the connection of this and any other trojan to the Internet, as well as any attempt to access our system.

ZoneAlarm (free for personal use), in addition to being an excellent firewall, also prevents the execution of any attachment that could carry a virus (with no need to update it for each new version of a virus).

More information:
How to configure Zone Alarm 3.x
http://www.vsantivirus.com/za.htm

Antivirus

1. Update your antivirus with the latest definitions.
2. Run it in scan mode, checking all your disks.
3. Delete the files detected as infected.

To manually delete the files added by the virus

From Windows Explorer, locate and delete the following files:

c:\windows\system\a.exe
c:\windows\system\bridge.dll
c:\windows\system\jao.dll

Right-click the "Recycle Bin" icon on the desktop and select "Empty Recycle Bin".

To edit the registry

Note: some of the registry branches mentioned here may not be present, since that depends on which version of Windows is installed.

1. Run the registry editor: Start, Run, type REGEDIT and press ENTER.
2. In the left panel of the editor, click the "+" sign until the following branch is open:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
3. Click the "Run" folder and, in the right panel, under the "Name" column, look for and delete the following entries:
RunDLL
Systray
NOTE: Do not confuse "Systray" (delete it) with "SystemTray" (DO NOT DELETE IT; it is a legitimate Windows entry).
4. In the left panel of the editor, click the "+" sign until the following branch is open:
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9c691a33-7dda-4c2f-be4c-c176083f35cf}
5. Click the "{9c691a33-7dda-4c2f-be4c-c176083f35cf}" folder and delete it.
6. In the left panel of the editor, click the "+" sign until the following branch is open:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9c691a33-7dda-4c2f-be4c-c176083f35cf}
7. Click the "{9c691a33-7dda-4c2f-be4c-c176083f35cf}" folder and delete it.
8. In the left panel of the editor, click the "+" sign until the following branch is open:
HKEY_CLASSES_ROOT\Bridge.brdg
9. Click the "Bridge.brdg" folder and delete it.
10. Use "Registry", "Exit" to leave the editor and confirm the changes.
11. Restart your computer (Start, Shut Down, Restart).

Procedure to restore the home page and search page in Internet Explorer

Flingstone Bridge description:
Opens pop-up windows and tries to download files from flingstone.com.

Flingstone Bridge properties:
• Shows commercial adverts
• Hides from the user
• Stays resident in background
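The file and registry checks from the manual procedure above, collected into a read-only PowerShell audit. This is an added example, not part of the original post or of either vendor write-up; the file names, value names and CLSID are the ones quoted in the post, and the variable names and report layout are illustrative.

```powershell
# Read-only audit for the Briss.A / Flingstone Bridge artifacts listed in the post.
# Nothing is deleted; each indicator is reported as present or absent.
$clsid  = '{9C691A33-7DDA-4C2F-BE4C-C176083F35CF}'   # BHO CLSID quoted in the post
$runKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'

# The system directory differs by Windows version (system vs system32), so ask the OS.
$sysdir   = [Environment]::SystemDirectory
$findings = @()

# 1. Dropped files. -Force makes Get-Item return hidden and system files too.
foreach ($name in 'a.exe', 'bridge.dll', 'jao.dll') {
    $path = Join-Path $sysdir $name
    $item = Get-Item -LiteralPath $path -Force -ErrorAction SilentlyContinue
    $findings += [pscustomobject]@{
        Type = 'File'; Indicator = $path; Present = [bool]$item; Detail = ''
    }
}

# 2. Run values. Names are matched exactly: "Systray" is the trojan's entry,
#    while "SystemTray" is a legitimate Windows entry and is never examined here.
#    A value counts as present only if its data points at the file named in the post.
$expected = @{ RunDLL = '\bridge.dll'; Systray = '\a.exe' }
foreach ($name in $expected.Keys) {
    $data = (Get-ItemProperty -Path $runKey -Name $name -ErrorAction SilentlyContinue).$name
    $findings += [pscustomobject]@{
        Type      = 'RunValue'
        Indicator = "$runKey -> $name"
        Present   = ($null -ne $data) -and ($data -like "*$($expected[$name])*")
        Detail    = [string]$data   # shown so an unexpected command line can be reviewed
    }
}

# 3. Registry keys: CLSID registration, BHO registration and the ProgID.
$keys = "HKLM:\SOFTWARE\Classes\CLSID\$clsid",
        "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\$clsid",
        'Registry::HKEY_CLASSES_ROOT\Bridge.brdg'
foreach ($key in $keys) {
    $findings += [pscustomobject]@{
        Type = 'Key'; Indicator = $key; Present = (Test-Path -LiteralPath $key); Detail = ''
    }
}

$findings | Format-Table -AutoSize -Wrap
```

Run it from an elevated prompt so that every key is readable; a row with `Present` set to `True` corresponds to one of the items the manual steps tell you to delete.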