Technical details:
Categories: Trojan,Backdoor,RAT
[Kaspersky]Backdoor.Prorat.10.a,TrojanDropper.Win32.Agent.av,Backdoor.Prorat.10.c;
[Eset]Win32/Prorat.14 trojan,Win32/Prorat.16 trojan,Win32/Prorat.17 trojan,Win32/Prorat.11 trojan,Win32/Prorat.10.C trojan;
[Panda]Trojan Horse,Bck/Prorat.B,Backdoor Program,Bck/Prorat.D,Backdoor Program.LC,Bck/Prorat.A;
[Computer Associates]Backdoor/Prorat.14!Server,Backdoor/Prorat.14.Server,Win32.ProRat.14.A,Win32.ProRat.D,Win32/Prorat.12.2768!Trojan,Win32/Prorat.12.2768.Trojan,Backdoor/Prorat.14.B!Server,Backdoor/Prorat.14.Server.HookDL,Backdoor/Prorat.DLL,Win32.ProRat,Win32.ProRat.17.A,Win32.ProRat.E,Win32.ProRat.G,Backdoor/ProRat.11,Backdoor/Prorat.10.a,Backdoor/Prorat.323584!Server,Win32.ProRat.A,Win32/ProRat.10.A!Trojan,Backdoor/Prorat.17,Win32.Prorat.18.A;
[Other]Win32/ProRat.Z
ProRat Files:
[%SYSTEM%]\fservice.exe
[%SYSTEM%]\reginv.dll
[%SYSTEM%]\winkey.dll
[%WINDOWS%]\ktd32.atm
[%WINDOWS%]\system\sservice.exe
[%PROGRAM_FILES%]\norton systemworks\norton antivirus\quarantine\32fd2804.dll
[%PROGRAM_FILES%]\norton systemworks\norton antivirus\quarantine\331c7edf.dll
[%PROGRAM_FILES%]\norton systemworks\norton antivirus\quarantine\331f28db.dll
[%SYSTEM%]\wininv.dll
ProRat Registry Keys:
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5y99ae78-58tt-11dw-be53-y67078979y}
ProRat Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run
ProRat indications of infection
The symptoms of a ProRat infection are the files, registry entries, and network communication referenced in the technical details section.
Method of Infection
Trojans do not self-replicate. They are spread manually, often under the premise that the executable is something beneficial. Distribution channels include IRC, peer-to-peer networks, newsgroup postings, e-mail, etc.
Buy Exterminate-It antivirus software and perform a full scan of the computer.
You can also download the free trial version of ExterminateIt! to check your computer right now.