Technical details:
Categories: Trojan,Adware,Downloader
[Kaspersky]Trojan-Downloader.Win32.Agent.tn,Trojan-Downloader.Win32.Agent.atb,Trojan-Downloader.Win32.Tiny.bn,Trojan-Proxy.Win32.Agent.ji;
[McAfee]Generic.Downloader.h,Generic.Downloader.k,Generic Downloader.q,Generic Downloader.s,Generic Downloader.r,Generic Downloader.k,Generic Downloader.y;
[F-Prot]W32/Downloader.HNK;
[Other]W32/Dloader.CNT,TROJ_H.A,Win32/Discoslent.A,Win32/SillyDL4128!Trojan,Troj/Dloader-TP,Download.Trojan,Troj/Delf-SF,W32/DLoader.DTL,W32/DLoader.ABDY,TROJ_VB.ACJ,Troj/VB-AZA,Win32.Cadux.AV,Trojan-Downloader.Win32.VB.ajp,Win32/SillyDl.AVD,trojan downloader apher,Scam.Iwin,Win32/Shadown!generic,Downloader,enbrowser,Troj/Voter-A,Trojan.Vxgame.z,Win32/Matcash.BF,TROJ_DLOADER.QNF,BrowserModifier:Win32/Matcash
Generic.Downloader Files:
Generic.Downloader Registry Keys:
Generic.Downloader Registry Values:
Generic.Downloader indications of infection
The symptoms of a Generic.Downloader infection are the files, registry entries, and network communication referenced in the technical details section.
Method of Infection
Trojans do not self-replicate. They are spread manually, often under the premise that the executable is something beneficial. Distribution channels include IRC, peer-to-peer networks, newsgroup postings, e-mail, etc.
Buy Exterminate-It antivirus software and perform a full scan of the computer.