Threats DB


Typical Symptoms: Information leak, Key Logging, Accessing certain IRC server, Downloading a particular file, Opens the specific port, Creates file
Discovered: [Korea] 0000-00-00, [Foreign] 0000-00-00
Type: Backdoor
Active Field: Win32
Origin: others
Encryption: NO
Location: Macro
Memory residence: NO
Scan engine needed: 2014-08-19 [Able to detect & repair]


This is a backdoor distributed using server-side polymorphism. It collects information from infected systems and acts on command codes received from a C&C server.


The main malicious actions of this malware are:

- Download and run malicious code.
- Execute files.
- Execute command codes.


This malicious code uses server-side polymorphism, so the MD5 of the distributed files changes continuously. (The function of the malicious code stays the same: it is a backdoor.)
Files named 3002.exe or 3005.exe have been distributed through many websites (e.g. universities, organizations, shopping malls, travel agencies, etc.), so users need to be aware of this.


[Distributed location]


 The Symptom

1. It creates the following files.

C:WINDOWS(Random names)svchsot.exe => Self-replication


2. It creates the following registry values.



3. It registers the following task scheduler.


4. It accesses the following network.


Removal Instructions

[How to repair]
Reparable by ViRobot engine ver. 2014-08-19 or above.

Copyright 2008 @ HAURI Inc. All rights reserved.