Content
W32/Zhelatin!a!58bf4493b4d0
- Type
- Virus
- SubType
- -
- Discovery Date
- 08/21/2009
- Length
- 134468
- Minimum DAT
- 5716 (08/21/2009)
- Updated DAT
- 5716 (08/21/2009)
- Minimum Engine
- 5300.2777
- Description Added
- 08/21/2009
- Description Modified
- 08/21/2009 8:51 AM (PT)
Tab Navigation
Characteristics
| File Property | Property Value |
|---|---|
| FileName | 3317.exe |
| McAfee Artemis | Artemis!58bf4493b4d0 |
| McAfee Detection | W32/Zhelatin!a |
| Length | 134,468 bytes |
| CRC | 2C04F8F2 |
| MD5 | 58BF4493B4D04B2E996A7B3CC7F24533 |
| SHA1 | AEA09C8B07216600D752A4ADEA3C2F179CFFA8AA |
Other Common Detection Aliases
| Company Name | Detection Name |
|---|---|
| avast | Win32:Tibs-BEL [Trj] |
| AVG (GriSoft) | Downloader.Tibs.7.W (Trojan horse) |
| Avira | WORM/Zhelatin.Gen |
| BitDefender | Trojan.Peed.IGK |
| clamav | Trojan.Small-3628 |
| Dr.Web | Trojan.Packed.142 |
| Eset | Win32/Nuwar.Gen worm |
| FortiNet | W32/Tibs.HI@mm |
| F-Prot | W32/StormWorm.D |
| Kaspersky | Email-Worm.Win32.Zhelatin.hi |
| microsoft | trojan:win32/tibs.ja |
| norman | tibs.gen147 |
| panda | Suspicious |
| rising | Worm.Mail.Zhelatin.aiu |
| Sophos | Mal/EncPk-FO |
| Symantec | Trojan Horse |
| Trend Micro | WORM_NUWAR.AQJ |
| V-Buster | I-Worm.Zhelatin.CBZ (iworm) |
| Vet (Computer Associates) | Win32/Sintun.AF |
Avert® Labs has observed the following system activities:
| Activity | Risk Level |
|---|---|
| Enumerates open windows | Medium |
| Enumerates running processes | Medium |
| Uses shared memory of other processes | Low |
This sample can be identified by the following symptoms.
System Changes
These are general defaults for typical path variables. (Although they may differ, these examples are common.):
%WinDir% = \WINDOWS (Windows 9x/ME/XP/Vista), \WINNT (Windows NT/2000)
%SystemDir% = \WINDOWS\SYSTEM (Windows 98/ME), \WINDOWS\SYSTEM32 (Windows XP/Vista), \WINNT\SYSTEM32 (Windows NT/2000)
%ProgramFiles% = \Program Files
The following files were analyzed:
Symptoms
This symptoms of this detection are the files, registry, and network communication referenced in the characteristics section.
Method of Infection
Viruses are self-replicating. They are often spread by a network or by transmission to a removable medium such as a removable disk, writable CD, or USB drive. Viruses may also spread by infecting files on a network file system or a file system that is shared by another computer.
Removal
AVERT recommends to always use latest DATs and engine. This threat will be cleaned if you have this combination.
Variants
Variants
N/A
All Information
Overview -
This is a virus detection. Viruses are programs that self-replicate recursively, meaning that infected systems spread the virus to other systems, which then further propagate the virus. Although many viruses contain a destructive payload, it's quite common for viruses to do nothing more than spread from one system to another.
Characteristics
Characteristics -
| File Property | Property Value |
|---|---|
| FileName | 3317.exe |
| McAfee Artemis | Artemis!58bf4493b4d0 |
| McAfee Detection | W32/Zhelatin!a |
| Length | 134,468 bytes |
| CRC | 2C04F8F2 |
| MD5 | 58BF4493B4D04B2E996A7B3CC7F24533 |
| SHA1 | AEA09C8B07216600D752A4ADEA3C2F179CFFA8AA |
Other Common Detection Aliases
| Company Name | Detection Name |
|---|---|
| avast | Win32:Tibs-BEL [Trj] |
| AVG (GriSoft) | Downloader.Tibs.7.W (Trojan horse) |
| Avira | WORM/Zhelatin.Gen |
| BitDefender | Trojan.Peed.IGK |
| clamav | Trojan.Small-3628 |
| Dr.Web | Trojan.Packed.142 |
| Eset | Win32/Nuwar.Gen worm |
| FortiNet | W32/Tibs.HI@mm |
| F-Prot | W32/StormWorm.D |
| Kaspersky | Email-Worm.Win32.Zhelatin.hi |
| microsoft | trojan:win32/tibs.ja |
| norman | tibs.gen147 |
| panda | Suspicious |
| rising | Worm.Mail.Zhelatin.aiu |
| Sophos | Mal/EncPk-FO |
| Symantec | Trojan Horse |
| Trend Micro | WORM_NUWAR.AQJ |
| V-Buster | I-Worm.Zhelatin.CBZ (iworm) |
| Vet (Computer Associates) | Win32/Sintun.AF |
Avert® Labs has observed the following system activities:
| Activity | Risk Level |
|---|---|
| Enumerates open windows | Medium |
| Enumerates running processes | Medium |
| Uses shared memory of other processes | Low |
This sample can be identified by the following symptoms.
System Changes
These are general defaults for typical path variables. (Although they may differ, these examples are common.):
%WinDir% = \WINDOWS (Windows 9x/ME/XP/Vista), \WINNT (Windows NT/2000)
%SystemDir% = \WINDOWS\SYSTEM (Windows 98/ME), \WINDOWS\SYSTEM32 (Windows XP/Vista), \WINNT\SYSTEM32 (Windows NT/2000)
%ProgramFiles% = \Program Files
The following files were analyzed:
Symptoms
Symptoms -
This symptoms of this detection are the files, registry, and network communication referenced in the characteristics section.
Method of Infection
Method of Infection -
Viruses are self-replicating. They are often spread by a network or by transmission to a removable medium such as a removable disk, writable CD, or USB drive. Viruses may also spread by infecting files on a network file system or a file system that is shared by another computer.
Removal -
Removal -
AVERT recommends to always use latest DATs and engine. This threat will be cleaned if you have this combination.
Additional Windows ME/XP removal considerations
Variants
Variants -
N/A
