Trojan.Siggen6.30429
Added to the Dr.Web virus database: 2015-02-17
Virus description added: 2015-02-17
Technical Information
To ensure autorun and distribution:
Creates the following service:
[<HKLM>\SYSTEM\ControlSet001\Services\MSNDSRV] 'Start' = '00000002'
(Start = 2 is SERVICE_AUTO_START: the service control manager loads the MSNDSRV driver, dropped as <DRIVERS>\MSNDSRV.SYS, on every boot.)
Malicious functions:
Creates and executes the following:
'<SYSTEM32>\MSCFG32.EXE'
'<SYSTEM32>\MSDIRECTX.EXE'
'<SYSTEM32>\msnadt.exe'
Executes the following:
'<SYSTEM32>\cmd.exe' /c %TEMP%\INSTV3.BAT
'<SYSTEM32>\attrib.exe' -r "<SYSTEM32>\msnadt.exe" (clears the read-only attribute so the file can be deleted later, see below)
'<SYSTEM32>\cmd.exe' /c %TEMP%\INSTV4.BAT
Hooks the following functions in the System Service Descriptor Table (SSDT); the analysis did not resolve where the hook handlers point ("handler: unknown"):
NtReleaseSemaphore, handler: unknown
NtRemoveIoCompletion, handler: unknown
NtRegisterThreadTerminatePort, handler: unknown
NtReleaseMutant, handler: unknown
NtReplaceKey, handler: unknown
NtReplyPort, handler: unknown
NtRemoveProcessDebug, handler: unknown
NtRenameKey, handler: unknown
NtReadVirtualMemory, handler: unknown
NtQueueApcThread, handler: unknown
NtRaiseException, handler: unknown
NtQueryVirtualMemory, handler: unknown
NtQueryVolumeInformationFile, handler: unknown
NtReadFileScatter, handler: unknown
NtReadRequestData, handler: unknown
NtRaiseHardError, handler: unknown
NtReadFile, handler: unknown
NtReplyWaitReceivePort, handler: unknown
NtSaveKey, handler: unknown
NtSaveKeyEx, handler: unknown
NtResumeProcess, handler: unknown
NtResumeThread, handler: unknown
NtSetBootEntryOrder, handler: unknown
NtSetBootOptions, handler: unknown
NtSaveMergedKeys, handler: unknown
NtSecureConnectPort, handler: unknown
NtRestoreKey, handler: unknown
NtRequestDeviceWakeup, handler: unknown
NtRequestPort, handler: unknown
NtReplyWaitReceivePortEx, handler: unknown
NtReplyWaitReplyPort, handler: unknown
NtResetEvent, handler: unknown
NtResetWriteWatch, handler: unknown
NtRequestWaitReplyPort, handler: unknown
NtRequestWakeupLatency, handler: unknown
NtQueryValueKey, handler: unknown
NtQueryInformationPort, handler: unknown
NtQueryInformationProcess, handler: unknown
NtQueryInformationFile, handler: unknown
NtQueryInformationJobObject, handler: unknown
NtQueryInstallUILanguage, handler: unknown
NtQueryIntervalProfile, handler: unknown
NtQueryInformationThread, handler: unknown
NtQueryInformationToken, handler: unknown
NtQueryInformationAtom, handler: unknown
NtQueryDefaultUILanguage, handler: unknown
NtQueryDirectoryFile, handler: unknown
NtQueryDebugFilterState, handler: unknown
NtQueryDefaultLocale, handler: unknown
NtQueryEvent, handler: unknown
NtQueryFullAttributesFile, handler: unknown
NtQueryDirectoryObject, handler: unknown
NtQueryEaFile, handler: unknown
NtQueryIoCompletion, handler: unknown
NtQuerySystemEnvironmentValue, handler: unknown
NtQuerySystemEnvironmentValueEx, handler: unknown
NtQuerySemaphore, handler: unknown
NtQuerySymbolicLinkObject, handler: unknown
NtQueryTimer, handler: unknown
NtQueryTimerResolution, handler: unknown
NtQuerySystemInformation, handler: unknown
NtQuerySystemTime, handler: unknown
NtQuerySecurityObject, handler: unknown
NtQueryMutant, handler: unknown
NtQueryObject, handler: unknown
NtQueryKey, handler: unknown
NtQueryMultipleValueKey, handler: unknown
NtQueryQuotaInformationFile, handler: unknown
NtQuerySection, handler: unknown
NtQueryOpenSubKeys, handler: unknown
NtQueryPerformanceCounter, handler: unknown
NtTraceEvent, handler: unknown
NtTranslateFilePath, handler: unknown
NtTerminateThread, handler: unknown
NtTestAlert, handler: unknown
NtUnloadKeyEx, handler: unknown
NtUnlockFile, handler: unknown
NtUnloadDriver, handler: unknown
NtUnloadKey, handler: unknown
NtTerminateProcess, handler: unknown
NtStartProfile, handler: unknown
NtStopProfile, handler: unknown
NtShutdownSystem, handler: unknown
NtSignalAndWaitForSingleObject, handler: unknown
NtSystemDebugControl, handler: unknown
NtTerminateJobObject, handler: unknown
NtSuspendProcess, handler: unknown
NtSuspendThread, handler: unknown
NtUnlockVirtualMemory, handler: unknown
NtYieldExecution, handler: unknown
NtCreateKeyedEvent, handler: unknown
NtWriteRequestData, handler: unknown
NtWriteVirtualMemory, handler: unknown
NtWaitForKeyedEvent, handler: unknown
NtQueryPortInformationProcess, handler: unknown
NtOpenKeyedEvent, handler: unknown
NtReleaseKeyedEvent, handler: unknown
NtWriteFileGather, handler: unknown
NtWaitForDebugEvent, handler: unknown
NtWaitForMultipleObjects, handler: unknown
NtUnmapViewOfSection, handler: unknown
NtVdmControl, handler: unknown
NtWaitLowEventPair, handler: unknown
NtWriteFile, handler: unknown
NtWaitForSingleObject, handler: unknown
NtWaitHighEventPair, handler: unknown
NtSetVolumeInformationFile, handler: unknown
NtSetInformationFile, handler: unknown
NtSetInformationJobObject, handler: unknown
NtSetHighWaitLowEventPair, handler: unknown
NtSetInformationDebugObject, handler: unknown
NtSetInformationProcess, handler: unknown
NtSetInformationThread, handler: unknown
NtSetInformationKey, handler: unknown
NtSetInformationObject, handler: unknown
NtSetHighEventPair, handler: unknown
NtSetDefaultHardErrorPort, handler: unknown
NtSetDefaultLocale, handler: unknown
NtSetContextThread, handler: unknown
NtSetDebugFilterState, handler: unknown
NtSetEvent, handler: unknown
NtSetEventBoostPriority, handler: unknown
NtSetDefaultUILanguage, handler: unknown
NtSetEaFile, handler: unknown
NtSetInformationToken, handler: unknown
NtSetSystemTime, handler: unknown
NtSetThreadExecutionState, handler: unknown
NtSetSystemInformation, handler: unknown
NtSetSystemPowerState, handler: unknown
NtSetUuidSeed, handler: unknown
NtSetValueKey, handler: unknown
NtSetTimer, handler: unknown
NtSetTimerResolution, handler: unknown
NtSetSystemEnvironmentValueEx, handler: unknown
NtSetLdtEntries, handler: unknown
NtSetLowEventPair, handler: unknown
NtSetIntervalProfile, handler: unknown
NtSetIoCompletion, handler: unknown
NtSetSecurityObject, handler: unknown
NtSetSystemEnvironmentValue, handler: unknown
NtSetLowWaitHighEventPair, handler: unknown
NtSetQuotaInformationFile, handler: unknown
NtCreateProcess, handler: unknown
NtCreateProcessEx, handler: unknown
NtCreatePagingFile, handler: unknown
NtCreatePort, handler: unknown
NtCreateSemaphore, handler: unknown
NtCreateSymbolicLinkObject, handler: unknown
NtCreateProfile, handler: unknown
NtCreateSection, handler: unknown
NtCreateNamedPipeFile, handler: unknown
NtCreateIoCompletion, handler: unknown
NtCreateJobObject, handler: unknown
NtCreateEventPair, handler: unknown
NtCreateFile, handler: unknown
NtCreateMailslotFile, handler: unknown
NtCreateMutant, handler: unknown
NtCreateJobSet, handler: unknown
NtCreateKey, handler: unknown
NtCreateThread, handler: unknown
NtDeleteValueKey, handler: unknown
NtDeviceIoControlFile, handler: unknown
NtDeleteKey, handler: unknown
NtDeleteObjectAuditAlarm, handler: unknown
NtDuplicateToken, handler: unknown
NtEnumerateBootEntries, handler: unknown
NtDisplayString, handler: unknown
NtDuplicateObject, handler: unknown
NtDeleteFile, handler: unknown
NtCreateWaitablePort, handler: unknown
NtDebugActiveProcess, handler: unknown
NtCreateTimer, handler: unknown
NtCreateToken, handler: unknown
NtDeleteAtom, handler: unknown
NtDeleteBootEntry, handler: unknown
NtDebugContinue, handler: unknown
NtDelayExecution, handler: unknown
NtCreateEvent, handler: unknown
NtAdjustPrivilegesToken, handler: unknown
NtAlertResumeThread, handler: unknown
NtAddBootEntry, handler: unknown
NtAdjustGroupsToken, handler: unknown
NtAllocateUserPhysicalPages, handler: unknown
NtAllocateUuids, handler: unknown
NtAlertThread, handler: unknown
NtAllocateLocallyUniqueId, handler: unknown
NtAddAtom, handler: unknown
NtAccessCheckAndAuditAlarm, handler: unknown
NtAccessCheckByType, handler: unknown
NtAcceptConnectPort, handler: unknown
NtAccessCheck, handler: unknown
NtAccessCheckByTypeResultListAndAuditAlarm, handler: unknown
NtAccessCheckByTypeResultListAndAuditAlarmByHandle, handler: unknown
NtAccessCheckByTypeAndAuditAlarm, handler: unknown
NtAccessCheckByTypeResultList, handler: unknown
NtAllocateVirtualMemory, handler: unknown
NtCompleteConnectPort, handler: unknown
NtCompressKey, handler: unknown
NtCompactKeys, handler: unknown
NtCompareTokens, handler: unknown
NtCreateDebugObject, handler: unknown
NtCreateDirectoryObject, handler: unknown
NtConnectPort, handler: unknown
NtContinue, handler: unknown
NtCloseObjectAuditAlarm, handler: unknown
NtCallbackReturn, handler: unknown
NtCancelDeviceWakeupRequest, handler: unknown
NtAreMappedFilesTheSame, handler: unknown
NtAssignProcessToJobObject, handler: unknown
NtClearEvent, handler: unknown
NtClose, handler: unknown
NtCancelIoFile, handler: unknown
NtCancelTimer, handler: unknown
NtOpenJobObject, handler: unknown
NtOpenKey, handler: unknown
NtOpenFile, handler: unknown
NtOpenIoCompletion, handler: unknown
NtOpenProcess, handler: unknown
NtOpenProcessToken, handler: unknown
NtOpenMutant, handler: unknown
NtOpenObjectAuditAlarm, handler: unknown
NtOpenEventPair, handler: unknown
NtModifyBootEntry, handler: unknown
NtNotifyChangeDirectoryFile, handler: unknown
NtMapUserPhysicalPagesScatter, handler: unknown
NtMapViewOfSection, handler: unknown
NtOpenDirectoryObject, handler: unknown
NtOpenEvent, handler: unknown
NtNotifyChangeKey, handler: unknown
NtNotifyChangeMultipleKeys, handler: unknown
NtOpenProcessTokenEx, handler: unknown
NtPrivilegedServiceAuditAlarm, handler: unknown
NtProtectVirtualMemory, handler: unknown
NtPrivilegeCheck, handler: unknown
NtPrivilegeObjectAuditAlarm, handler: unknown
NtQueryBootEntryOrder, handler: unknown
NtQueryBootOptions, handler: unknown
NtPulseEvent, handler: unknown
NtQueryAttributesFile, handler: unknown
NtPowerInformation, handler: unknown
NtOpenSymbolicLinkObject, handler: unknown
NtOpenThread, handler: unknown
NtOpenSection, handler: unknown
NtOpenSemaphore, handler: unknown
NtOpenTimer, handler: unknown
NtPlugPlayControl, handler: unknown
NtOpenThreadToken, handler: unknown
NtOpenThreadTokenEx, handler: unknown
NtMapUserPhysicalPages, handler: unknown
NtFreeUserPhysicalPages, handler: unknown
NtFreeVirtualMemory, handler: unknown
NtFlushVirtualMemory, handler: unknown
NtFlushWriteBuffer, handler: unknown
NtGetDevicePowerState, handler: unknown
NtGetPlugPlayEvent, handler: unknown
NtFsControlFile, handler: unknown
NtGetContextThread, handler: unknown
NtFlushKey, handler: unknown
NtEnumerateValueKey, handler: unknown
NtExtendSection, handler: unknown
NtEnumerateKey, handler: unknown
NtEnumerateSystemEnvironmentValuesEx, handler: unknown
NtFlushBuffersFile, handler: unknown
NtFlushInstructionCache, handler: unknown
NtFilterToken, handler: unknown
NtFindAtom, handler: unknown
NtGetWriteWatch, handler: unknown
NtLockFile, handler: unknown
NtLockProductActivationKeys, handler: unknown
NtLoadKey, handler: unknown
NtLoadKey2, handler: unknown
NtMakePermanentObject, handler: unknown
NtMakeTemporaryObject, handler: unknown
NtLockRegistryKey, handler: unknown
NtLockVirtualMemory, handler: unknown
NtLoadDriver, handler: unknown
NtImpersonateThread, handler: unknown
NtInitializeRegistry, handler: unknown
NtImpersonateAnonymousToken, handler: unknown
NtImpersonateClientOfPort, handler: unknown
NtIsSystemResumeAutomatic, handler: unknown
NtListenPort, handler: unknown
NtInitiatePowerAction, handler: unknown
NtIsProcessInJob, handler: unknown
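An SSDT hook replaces a table entry so that the syscall lands in the rootkit's driver instead of ntoskrnl. The standard detector check is therefore a range test on every entry: a handler address outside the kernel image is a hook. The following is an added example (not code from the sample or from Dr.Web) that runs the check in user mode against a constructed table; the image addresses, the six syscall names and the two "hooked" slots are made up for illustration, and the table is a stand-in for the real KeServiceDescriptorTable.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* A rootkit that hooks the SSDT overwrites table entries so they point into
 * its own driver image instead of ntoskrnl.  The classic detector check is a
 * range test: every service handler must lie inside the kernel image.
 * Everything below runs in user mode on constructed data. */

typedef struct {
    uintptr_t base;   /* image load address */
    size_t    size;   /* image size in bytes */
} image_range_t;

typedef struct {
    const char *name;     /* syscall name, for reporting */
    uintptr_t   handler;  /* address the SSDT slot currently points at */
} ssdt_entry_t;

/* Constructed kernel image: 0x804D7000 is a typical XP-era ntoskrnl base. */
static const image_range_t kKernel  = { 0x804D7000u, 0x200000u };
/* Constructed rootkit driver image, standing in for MSNDSRV.SYS. */
static const image_range_t kRootkit = { 0xF8A10000u, 0x6000u };

/* Non-zero if addr lies in [base, base + size). */
int in_image(const image_range_t *img, uintptr_t addr)
{
    return addr >= img->base && addr - img->base < img->size;
}

/* Scans the table; stores the indices of entries pointing outside the
 * kernel image into out (at most max of them) and returns the total count. */
size_t find_hooked_entries(const ssdt_entry_t *table, size_t n,
                           const image_range_t *kernel,
                           size_t *out, size_t max)
{
    size_t found = 0;
    for (size_t i = 0; i < n; i++) {
        if (!in_image(kernel, table[i].handler)) {
            if (found < max) out[found] = i;
            found++;
        }
    }
    return found;
}

/* Builds a six-entry sample table: all handlers legitimately inside the
 * kernel, then two slots redirected into the rootkit image, mimicking
 * hooks on NtOpenProcess and NtQuerySystemInformation.  Returns the count. */
size_t build_sample_table(ssdt_entry_t *table, size_t max)
{
    static const char *names[] = {
        "NtOpenProcess", "NtQuerySystemInformation", "NtCreateFile",
        "NtTerminateProcess", "NtQueryDirectoryFile", "NtClose"
    };
    size_t n = sizeof names / sizeof names[0];
    if (n > max) n = max;
    for (size_t i = 0; i < n; i++) {
        table[i].name    = names[i];
        table[i].handler = kKernel.base + 0x1000u * (i + 1);
    }
    if (n > 1) {
        table[0].handler = kRootkit.base + 0x1234u;
        table[1].handler = kRootkit.base + 0x2F00u;
    }
    return n;
}

/* Convenience wrapper: number of hooked entries in the sample table. */
size_t sample_hooked_count(void)
{
    ssdt_entry_t table[8];
    size_t hooked[8];
    size_t n = build_sample_table(table, 8);
    return find_hooked_entries(table, n, &kKernel, hooked, 8);
}

int main(void)
{
    ssdt_entry_t table[8];
    size_t hooked[8];
    size_t n = build_sample_table(table, 8);
    size_t count = find_hooked_entries(table, n, &kKernel, hooked, 8);
    for (size_t i = 0; i < count; i++)
        printf("SSDT hook: %-28s -> 0x%08lx (outside ntoskrnl)\n",
               table[hooked[i]].name, (unsigned long)table[hooked[i]].handler);
    return 0;
}
```

On a live system the same test needs the real table pointer and the kernel's load address and size (for example from the loaded-module list); the range test catches entries redirected into a separate driver such as MSNDSRV.SYS, but not inline patches placed inside ntoskrnl itself, which need a byte-level comparison against the on-disk image.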
Hides the following processes (rootkit functionality; consistent with the SSDT hook on NtQuerySystemInformation listed above):
%PROGRAM_FILES%\Internet Explorer\IEXPLORE.EXE
<SYSTEM32>\MSCFG32.EXE
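The listing does not say how the hook handler hides these two processes. The following is an added example (not the sample's code and not Dr.Web's) of the most common technique for a hooked NtQuerySystemInformation, splicing records out of the SystemProcessInformation chain by adjusting NextEntryOffset, together with the cross-view check that exposes it: records still physically present in the buffer but unreachable through the chain. The record layout, PIDs and process names are constructed; real records are variable-length, and real detectors obtain their second view from an independent source (PID brute force, or walking kernel process objects) rather than re-scanning the same buffer.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Simplified stand-in for SYSTEM_PROCESS_INFORMATION, the records that
 * NtQuerySystemInformation(SystemProcessInformation) returns, chained by
 * NextEntryOffset (0 ends the chain).  Fixed-size here for clarity. */
typedef struct {
    uint32_t next_entry_offset, pid;
    char     image_name[32];
} proc_info_t;

#define MAX_PROCS 8

/* Constructed snapshot as the kernel fills it, before any hook runs. */
size_t build_snapshot(proc_info_t *buf, size_t max)
{
    static const struct { uint32_t pid; const char *name; } procs[] = {
        {4, "System"}, {612, "csrss.exe"}, {1208, "explorer.exe"},
        {1532, "IEXPLORE.EXE"}, {1760, "MSCFG32.EXE"}, {1900, "notepad.exe"}
    };
    size_t n = sizeof procs / sizeof procs[0];
    if (n > max) n = max;
    for (size_t i = 0; i < n; i++) {
        buf[i].next_entry_offset = (i + 1 < n) ? (uint32_t)sizeof(proc_info_t) : 0;
        buf[i].pid = procs[i].pid;
        strncpy(buf[i].image_name, procs[i].name, sizeof buf[i].image_name - 1);
        buf[i].image_name[sizeof buf[i].image_name - 1] = '\0';
    }
    return n;
}

/* What a hook handler does after the genuine call returns: splice out every
 * record whose name matches by stretching the previous record's
 * NextEntryOffset over it.  The record stays in memory; only the chain
 * skips it.  The first record is never hidden (System is always first). */
size_t hide_by_name(proc_info_t *buf, const char *name)
{
    size_t hidden = 0;
    proc_info_t *prev = NULL, *cur = buf;
    for (;;) {
        if (prev != NULL && strcmp(cur->image_name, name) == 0) {
            prev->next_entry_offset = cur->next_entry_offset
                ? prev->next_entry_offset + cur->next_entry_offset : 0;
            hidden++;
        } else {
            prev = cur;
        }
        if (cur->next_entry_offset == 0) break;
        cur = (proc_info_t *)((uint8_t *)cur + cur->next_entry_offset);
    }
    return hidden;
}

/* API view: follow the chain the way Task Manager does; returns the count
 * and stores up to max PIDs. */
size_t walk_chain(const proc_info_t *buf, uint32_t *pids, size_t max)
{
    size_t count = 0;
    const proc_info_t *cur = buf;
    for (;;) {
        if (count < max) pids[count] = cur->pid;
        count++;
        if (cur->next_entry_offset == 0) break;
        cur = (const proc_info_t *)((const uint8_t *)cur + cur->next_entry_offset);
    }
    return count;
}

/* Cross-view check: a record present in the raw buffer (n records) that the
 * chain walk never reaches is hidden.  Stores up to max PIDs; returns total. */
size_t find_hidden(const proc_info_t *buf, size_t n, uint32_t *hidden, size_t max)
{
    uint32_t seen[MAX_PROCS];
    size_t nseen = walk_chain(buf, seen, MAX_PROCS), found = 0;
    if (nseen > MAX_PROCS) nseen = MAX_PROCS;
    for (size_t i = 0; i < n; i++) {
        int visible = 0;
        for (size_t j = 0; j < nseen && !visible; j++)
            visible = (seen[j] == buf[i].pid);
        if (!visible) { if (found < max) hidden[found] = buf[i].pid; found++; }
    }
    return found;
}

/* End to end: snapshot, the hook hides the two names from the listing above,
 * the cross-view check recovers them.  Returns the i-th hidden PID (0 if none). */
uint32_t demo_hidden_pid(size_t i)
{
    proc_info_t buf[MAX_PROCS];
    uint32_t hidden[MAX_PROCS];
    size_t n = build_snapshot(buf, MAX_PROCS);
    hide_by_name(buf, "IEXPLORE.EXE");
    hide_by_name(buf, "MSCFG32.EXE");
    size_t count = find_hidden(buf, n, hidden, MAX_PROCS);
    return (i < count && i < MAX_PROCS) ? hidden[i] : 0;
}
```

After the two splices the chain reads System, csrss.exe, explorer.exe, notepad.exe, while the raw buffer still holds all six records; the diff yields PIDs 1532 and 1760. Any hiding that works by editing the caller's buffer is exposed this way; a hook that instead filters at a lower layer needs a view that does not pass through the hooked syscall at all.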
Modifies the file system:
Creates the following files:
<SYSTEM32>\mslog32.dat
<DRIVERS>\MSNDSRV.SYS
%TEMP%\INSTV3.BAT
%TEMP%\INSTV4.BAT
<SYSTEM32>\MSDIRECTX.EXE
<SYSTEM32>\msnadt.exe
<SYSTEM32>\MSCFG32.EXE
<SYSTEM32>\MSCFG32.DLL
Deletes the following files:
<SYSTEM32>\msnadt.exe
<SYSTEM32>\MSDIRECTX.EXE
Treatment recommendations
Windows
If the operating system can be booted (in normal or safe mode), download Dr.Web Security Space and run a full scan of your computer and of all removable media you use. Learn more about Dr.Web Security Space.
If the operating system cannot be booted, change your computer's BIOS settings so that it boots from CD/DVD or from a USB drive. Download the Dr.Web® LiveDisk system rescue disk image, or the utility for writing Dr.Web® LiveDisk to a USB drive, and prepare the corresponding medium. Boot the computer from it, then run a full scan and disinfect the threats found.
Because this sample loads a kernel driver that hooks the SSDT and hides its own process, scanning from Dr.Web® LiveDisk, with the infected system not running, is the more reliable option even when the system still boots.
Android
If your mobile device is working normally, download and install Dr.Web for Android on it. Run a full scan and follow the recommendations for neutralising the detected threats.
If the mobile device is locked by a Trojan of the Android.Locker family (a message about a serious violation of the law or a ransom demand is displayed on the device's screen), proceed as follows:
start your smartphone or tablet in safe mode (if you do not know how, consult the device documentation or contact the manufacturer);
then download and install Dr.Web for Android on the device, run a full scan and follow the recommendations for neutralising the detected threats;
unplug your device and plug it back in.