Win32/Bicololo [Threat Name]

Win32/Bicololo.AG [Threat Variant Name]

Category trojan
Size 170783 B
Aliases Win32:Bicololo-DT (Avast)
  VBS/StartPage (AVG)
  GenericStartPage.sim.trojan (McAfee)

Short description

Win32/Bicololo.AG is a trojan that prevents access to certain web sites and reroutes traffic to certain IP addresses.

Installation

When executed, the trojan creates the following files:

  • %programfiles%\rhv\rhv\kokolok.txt (1 B)
  • %programfiles%\rhv\rhv\kust.txt (5 B)
  • %programfiles%\rhv\rhv\na1111111111111ki.bat (6759 B, Win32/Bicololo.AG)
  • %programfiles%\rhv\rhv\no111111111ri.vbs (1700 B, Win32/Bicololo.AG)

The trojan executes the following files:

  • %programfiles%\rhv\rhv\na1111111111111ki.bat
  • %programfiles%\rhv\rhv\no111111111ri.vbs

Other information


The trojan modifies the following file:

  • %systemroot%\System32\drivers\ets\hosts

The trojan writes the following entries to the file:

  • #sdfsdfsdf
  • 94.249.189.151  my.mail.ru
  • 94.249.189.151  m.my.mail.ru
  • 94.249.189.151  vk.com
  • 94.249.189.151  m.vk.com
  • 94.249.189.151  odnoklassniki.ru
  • 94.249.189.151  www.odnoklassniki.ru
  • 94.249.189.151  m.odnoklassniki.ru
  • 94.249.189.151  ok.ru
  • 94.249.189.151  m.ok.ru
  • 94.249.189.151  www.odnoklassniki.ru
  • 94.249.189.151  vk.com
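
A hosts-file audit for the redirect pattern listed above, as an added example (not part of the original description and not vendor code). It goes beyond the listed entries by also reporting any routable address that several hostnames are pinned to; the function names, the `min_names` threshold and the sample text are assumptions constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Hostnames taken from the hosts entries listed in this description.
WATCHED = {"my.mail.ru", "m.my.mail.ru", "vk.com", "m.vk.com",
           "odnoklassniki.ru", "www.odnoklassniki.ru", "m.odnoklassniki.ru",
           "ok.ru", "m.ok.ru"}

def parse_hosts(text):
    """Yield (line_no, ip, hostname) for every mapping in hosts-file text."""
    for line_no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()      # drop comments, tokenize
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                               # not an address: skip line
        for name in fields[1:]:                    # one line may carry aliases
            yield line_no, ip, name.lower().rstrip(".")

def is_sink(ip):
    """Loopback / 0.0.0.0 entries are normal blocklist or localhost lines."""
    return ip.is_loopback or ip.is_unspecified

def find_redirects(text, watched=WATCHED):
    """Watched hostnames mapped to anything other than a sink address."""
    return [(n, str(ip), name) for n, ip, name in parse_hosts(text)
            if name in watched and not is_sink(ip)]

def shared_targets(text, min_names=3):
    """Non-sink IPs that at least min_names distinct hostnames point to."""
    by_ip = defaultdict(set)
    for _, ip, name in parse_hosts(text):
        if not is_sink(ip):
            by_ip[str(ip)].add(name)
    return {ip: sorted(names) for ip, names in by_ip.items()
            if len(names) >= min_names}

# Constructed sample: a few entries from the list above plus benign lines.
SAMPLE = """\
127.0.0.1       localhost
#sdfsdfsdf
94.249.189.151  my.mail.ru
94.249.189.151  vk.com
94.249.189.151  M.VK.COM
94.249.189.151  ok.ru
0.0.0.0         ads.example.invalid
192.0.2.10      intranet.example.invalid
"""

if __name__ == "__main__":
    for hit in find_redirects(SAMPLE):
        print("redirect: line %d  %s -> %s" % hit)
    print(shared_targets(SAMPLE))
```
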

The trojan connects to the following addresses:

  • http://94.249.18%removed%t/tuk/154
