Cridex.B
Posted: November 4, 2011
Threat Metric
The Threat Meter fields that show a specific value are explained in detail below:
Threat Level: The threat level scale goes from 1 to 10 where 10 is the highest level of severity and 1 is the lowest level of severity. Each specific level is relative to the threat's consistent assessed behaviors collected from SpyHunter's risk assessment model.
Detection Count: The collective number of confirmed and suspected cases of a particular malware threat. The detection count is calculated from infected PCs retrieved from diagnostic and scan log reports generated by SpyHunter.
Volume Count: Similar to the detection count, the Volume Count is specifically based on the number of confirmed and suspected threats infecting systems on a daily basis. High volume counts usually represent a popular threat but may or may not have infected a large number of systems. High detection count threats could lie dormant and have a low volume count. The criteria for Volume Count are relative to a daily detection count.
Trend Path: The Trend Path, utilizing an up arrow, down arrow or equal symbol, represents the level of recent movement of a particular threat. Up arrows represent an increase, down arrows represent a decline and the equal symbol represents no change to a threat's recent movement.
% Impact (Last 7 Days): This demonstrates a 7-day period change in the frequency of a malware threat infecting PCs. The percentage impact correlates directly to the current Trend Path to determine a rise or decline in the percentage.
| Threat Level: | 5/10 |
|---|---|
| Infected PCs: | 3,436 |
| First Seen: | November 4, 2011 |
| Last Seen: | October 28, 2022 |
| OS(es) Affected: | Windows |
Cridex-B is a worm that may attempt to steal financial information and other forms of personal data. It can also be configured for other attacks and has the standard self-copying functions that all worms possess. Although Cridex-B has been noted for being delivered by several types of PC threats, SpywareRemove.com malware experts have found that recent Cridex-B attacks have been caused by a string of fake invoice spam messages that link to sites using various exploits in combination to install Cridex-B. Being wary of unusual links in suspicious e-mail messages can help you avoid a potential Cridex-B attack, which may be disguised to look like harmless content or be carried out through invisible script exploits. If you suspect that Cridex-B could be on your PC, use appropriate anti-malware programs to confirm or rule out its presence, since failing to remove Cridex-B with competent anti-malware software can result in both a serious security danger for your computer and theft of your personal information.
How Paying Attention to Your E-mail Can Save You from Cridex-B
Cridex-B-installing attacks have been known to use Trojan downloaders like TrojanDownloader:Win32/Skidlo.A, as well as scripted exploits like Exploit:JS/Blacole. Using strong browser security settings, disabling scripts, keeping select scripts uninstalled and having active anti-malware programs can all help to identify and defend against these types of Cridex-B-installation attacks. However, the most recent Cridex-B-related attacks that SpywareRemove.com malware researchers have noted have begun with fake e-mail messages about invoice errors. These e-mail messages contain misleading links to compromised WordPress 3.2.1 websites that distribute Cridex-B with a series of exploits, including invisible iFrames, JavaScript exploits, Flash exploits and even Internet Explorer-specific attacks.
As of late January, only a hundred Cridex-B infections have been identified in these attacks, but with that quantity slowly growing, SpywareRemove.com malware experts advise that you pay attention to unusual e-mail links. As long as you use an up-to-date web browser, use strong security settings and keep an anti-malware product on hand, however, you are likely to detect these encroachments before they can finish installing Cridex-B on your PC. If this isn't the case, though, you should consider taking extra steps to secure your bank-related information, since Cridex-B has been known to steal bank passwords and other forms of sensitive and fiscal information, especially information that Cridex-B can glean from your web browser.
Cridex-B – Possibly Just the Initial Step in a Ladder of Computer Woes
Besides its spyware tendencies, Cridex-B is also noted for the following functions, although any specific Cridex-B infection may or may not use some or all of these attacks (due to the inherent variability that Cridex-B's remote server instructions allow):
- Copying itself to removable hard drives or network-shared locations that Cridex-B may use to install itself onto other computers.
- Infection techniques that allow Cridex-B to insert malicious code into normal Windows processes; this will make removing Cridex-B more difficult than it normally would be.
- Changes to your Registry that force Internet Explorer to start in Online Mode. SpywareRemove.com malware researchers note that this can be classified as a security risk.
- Contacting a remote server to acquire instructions, download other malware for installation or send stolen information to criminals.
Technical Details
File System Modifications
Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.
The following files were created in the system:
%USERPROFILE%\Application Data\KB00574440.exe
File name: KB00574440.exe
Size: 59.9 KB (59904 bytes)
MD5: 783be0270efa0235b19b4e7182ece043
Detection count: 96
File type: Executable File
Mime Type: unknown/exe
Path: %USERPROFILE%\Application Data
Group: Malware file
Last Updated: December 12, 2011
%USERPROFILE%\Application Data\KB00256353.exe
File name: KB00256353.exe
Size: 181.24 KB (181248 bytes)
MD5: 8c23e55f7b0ca489bb4b05f9c6721761
Detection count: 84
File type: Executable File
Mime Type: unknown/exe
Path: %USERPROFILE%\Application Data
Group: Malware file
Last Updated: December 5, 2011
%WINDIR%\system32\74472b74.dll
File name: 74472b74.dll
Size: 3.27 MB (3272192 bytes)
MD5: 25976c7732707537f5fd5c20540dba73
Detection count: 81
File type: Dynamic link library
Mime Type: unknown/dll
Path: %WINDIR%\system32
Group: Malware file
Last Updated: November 8, 2011
%USERPROFILE%\Application Data\KB00818303.exe
File name: KB00818303.exe
Size: 59.9 KB (59904 bytes)
MD5: 98f669d6e8a0b92401dc6bd6ed1291d4
Detection count: 80
File type: Executable File
Mime Type: unknown/exe
Path: %USERPROFILE%\Application Data
Group: Malware file
Last Updated: December 5, 2011
%SystemDrive%\Documents and Settings\HP_Owner\Application Data\KB00158076.exe
File name: KB00158076.exe
Size: 69.12 KB (69120 bytes)
MD5: 947a37cab6737c1a506b6098db864f31
Detection count: 70
File type: Executable File
Mime Type: unknown/exe
Path: %SystemDrive%\Documents and Settings\HP_Owner\Application Data
Group: Malware file
Last Updated: May 15, 2013
%USERPROFILE%\Application Data\KB00012088.exe
File name: KB00012088.exe
Size: 83.45 KB (83456 bytes)
MD5: 5c2db9405e1828a5909d7b7dacc5c2fd
Detection count: 61
File type: Executable File
Mime Type: unknown/exe
Path: %USERPROFILE%\Application Data
Group: Malware file
Last Updated: November 21, 2011
%SystemDrive%\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1413\syitm.exe
File name: syitm.exe
Size: 49.15 KB (49152 bytes)
MD5: 291a7a563820f3a52c35bb1bc5a69f6f
Detection count: 59
File type: Executable File
Mime Type: unknown/exe
Path: %SystemDrive%\RECYCLER\S-1-5-21-0243556031-888888379-781863308-1413
Group: Malware file
Last Updated: July 15, 2022
%APPDATA%\__kb00066679.exe
File name: __kb00066679.exe
Size: 134.65 KB (134656 bytes)
MD5: 038be3d87c1bb305f6bb2706d7718b6f
Detection count: 41
File type: Executable File
Mime Type: unknown/exe
Path: %APPDATA%
Group: Malware file
Last Updated: March 29, 2013
%APPDATA%\KB00009976.exe
File name: KB00009976.exe
Size: 229.88 KB (229888 bytes)
MD5: 9df3e9fb927c7d846ca1337758ef5d60
Detection count: 32
File type: Executable File
Mime Type: unknown/exe
Path: %APPDATA%
Group: Malware file
Last Updated: January 30, 2012
%USERPROFILE%\Protection.exe
File name: Protection.exe
Size: 701.44 KB (701440 bytes)
MD5: ee5f80e4d3a4b14a72255b4b875f547f
Detection count: 26
File type: Executable File
Mime Type: unknown/exe
Path: %USERPROFILE%
Group: Malware file
Last Updated: November 8, 2011
%WINDIR%\jodrive32.exe
File name: jodrive32.exe
Size: 86.01 KB (86016 bytes)
MD5: 104f8c14a26836fdb665dbe89ec6c578
Detection count: 16
File type: Executable File
Mime Type: unknown/exe
Path: %WINDIR%
Group: Malware file
Last Updated: July 15, 2022
C:\Users\<username>\AppData\Roaming\DTite.exe
File name: DTite.exe
Size: 736.91 KB (736913 bytes)
MD5: 6f12c5a35a6934cae04509b5ef544551
Detection count: 14
File type: Executable File
Mime Type: unknown/exe
Path: C:\Users\<username>\AppData\Roaming\DTite.exe
Group: Malware file
Last Updated: July 12, 2021
%COMMONPROGRAMFILES%\BOONTY Shared\Service\Boonty.exe
File name: Boonty.exe
Size: 69.12 KB (69120 bytes)
MD5: f5539e7e4a4bfe6946a2e133ff593b71
Detection count: 12
File type: Executable File
Mime Type: unknown/exe
Path: %COMMONPROGRAMFILES%\BOONTY Shared\Service
Group: Malware file
Last Updated: November 8, 2011
%SystemDrive%\Documents and Settings\Gregg B\Application Data\KB00033595.exe
File name: KB00033595.exe
Size: 70.65 KB (70656 bytes)
MD5: 417841bff309c1261eb0e42d80ead7ad
Detection count: 12
File type: Executable File
Mime Type: unknown/exe
Path: %SystemDrive%\Documents and Settings\Gregg B\Application Data
Group: Malware file
Last Updated: January 5, 2013
%SystemDrive%\Documents and Settings\rsolich\Application Data\KB00866601.exe
File name: KB00866601.exe
Size: 88.06 KB (88064 bytes)
MD5: e0e2888476ee55cab70f43d57fd4e949
Detection count: 10
File type: Executable File
Mime Type: unknown/exe
Path: %SystemDrive%\Documents and Settings\rsolich\Application Data
Group: Malware file
Last Updated: October 22, 2012
%PROGRAMFILES%\Registry Fast\RegFast.exe
File name: RegFast.exe
Size: 3.55 MB (3553792 bytes)
MD5: 4ff7e022f86ac6dc20ed2f7779b1582e
Detection count: 9
File type: Executable File
Mime Type: unknown/exe
Path: %PROGRAMFILES%\Registry Fast
Group: Malware file
Last Updated: November 8, 2011
%APPDATA%\Windows Defender\csrss.exe
File name: csrss.exe
Size: 445.44 KB (445440 bytes)
MD5: 8740a9dfed239ddd4a11de5b99b44e1b
Detection count: 9
File type: Executable File
Mime Type: unknown/exe
Path: %APPDATA%\Windows Defender
Group: Malware file
Last Updated: November 8, 2011
%APPDATA%\KB724257.exe
File name: KB724257.exe
Size: 228.72 KB (228720 bytes)
MD5: bc7d442906437eebebb6a21e20a35dd1
Detection count: 7
File type: Executable File
Mime Type: unknown/exe
Path: %APPDATA%
Group: Malware file
Last Updated: November 4, 2011
%APPDATA%\KB00144083.exe
File name: KB00144083.exe
Size: 86.52 KB (86528 bytes)
MD5: acdd4c2a377933d89139b5ee6eefc464
Detection count: 6
File type: Executable File
Mime Type: unknown/exe
Path: %APPDATA%
Group: Malware file
Last Updated: July 7, 2015
%SystemDrive%\Users\<username>\AppData\Roaming\KB00706635.exe
File name: KB00706635.exe
Size: 57.34 KB (57344 bytes)
MD5: 7a8a7250e99f2856ff1b2792e5c391ee
Detection count: 5
File type: Executable File
Mime Type: unknown/exe
Path: %SystemDrive%\Users\<username>\AppData\Roaming
Group: Malware file
Last Updated: November 28, 2011
%APPDATA%\Qtasai.scr
File name: Qtasai.scr
Size: 106.49 KB (106496 bytes)
MD5: e80ae6ff28ef78cfb12a927a86517677
Detection count: 5
Mime Type: unknown/scr
Path: %APPDATA%
Group: Malware file
Last Updated: August 13, 2012
%SystemDrive%\Users\<username>\AppData\Roaming\KB00765271.exe
File name: KB00765271.exe
Size: 113.15 KB (113152 bytes)
MD5: 28b6eabdde29421eb00f07119e803e39
Detection count: 5
File type: Executable File
Mime Type: unknown/exe
Path: %SystemDrive%\Users\<username>\AppData\Roaming
Group: Malware file
Last Updated: February 6, 2013
%SystemDrive%\Users\<username>\AppData\Roaming\KB00450223.exe
File name: KB00450223.exe
Size: 91.13 KB (91136 bytes)
MD5: ef0e291414e6e8848985f14c3c1d056c
Detection count: 5
File type: Executable File
Mime Type: unknown/exe
Path: %SystemDrive%\Users\<username>\AppData\Roaming
Group: Malware file
Last Updated: March 21, 2013
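The drop locations in the list above fall into a few shapes: update-style KB-plus-digits names in per-user application data, executables inside RECYCLER SID folders, and a system process name outside the system directory. A path-triage sketch built on those shapes, as an added example that is not SpywareRemove's or SpyHunter's code; the patterns, labels and sample paths are assumptions constructed here:

```python
import re
from pathlib import PureWindowsPath

# Heuristics read off the drop locations listed above; assumptions for
# illustration, not SpyHunter detection rules.
KB_NAME = re.compile(r"^_*kb\d{6,8}\.exe$", re.I)   # KB00123456.exe, __kb00123456.exe
PROFILE_DATA = re.compile(                           # per-user application data, XP and later
    r"(%appdata%|%userprofile%\\application data"
    r"|\\documents and settings\\[^\\]+\\application data"
    r"|\\users\\[^\\]+\\appdata\\roaming)$", re.I)
RECYCLER_SID = re.compile(r"\\recycler\\s-1-5-21(-\d+)+$", re.I)
SYSTEM_DIR = re.compile(r"\\(system32|syswow64)$", re.I)
# csrss.exe is the case in the list; the other two names are added here.
SYSTEM_NAMES = {"csrss.exe", "lsass.exe", "svchost.exe"}
EXEC_EXT = {".exe", ".scr", ".dll"}

def triage(path):
    """Return the heuristic labels that a Windows file path trips."""
    p = PureWindowsPath(path)            # parses Windows paths on any OS
    name, folder = p.name.lower(), str(p.parent)
    hits = []
    if KB_NAME.match(name) and PROFILE_DATA.search(folder):
        hits.append("kb-named-exe-in-profile")
    if RECYCLER_SID.search(folder) and p.suffix.lower() in EXEC_EXT:
        hits.append("executable-in-recycler")
    if name in SYSTEM_NAMES and not SYSTEM_DIR.search(folder):
        hits.append("system-name-outside-system32")
    return hits

def scan(paths):
    """Map each flagged path to its labels; unflagged paths are omitted."""
    return {p: hits for p in paths if (hits := triage(p))}

# Constructed sample paths (not taken from the list above).
SAMPLE_PATHS = [
    r"C:\Documents and Settings\alice\Application Data\KB00123456.exe",
    r"%APPDATA%\__kb00123456.exe",
    r"C:\Users\bob\AppData\Roaming\Example Vendor\csrss.exe",
    r"D:\RECYCLER\S-1-5-21-1111111111-2222222222-3333333333-1000\abcde.exe",
    r"C:\Windows\System32\csrss.exe",                            # legitimate location
    r"C:\Windows\SoftwareDistribution\Download\KB00123456.exe",  # not a profile folder
]

if __name__ == "__main__":
    for path, labels in scan(SAMPLE_PATHS).items():
        print(", ".join(labels), "->", path)
```

A hit is a lead for review with an anti-malware scan, not a verdict, since the patterns match on name and location only.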