Technical details:
Categories: Trojan, Downloader
[Panda] Trojan Horse.LC
[Computer Associates] Win32.Kather.D, Win32/Kather.c!Downloader
Kather Folders:
[%PROGRAM_FILES%]\citrix\gotomypc
Kather Files:
[%DESKTOP%]\backup from old drive\Program Files\Citrix\GoToMyPC\g2svc.exe
[%DESKTOP%]\backup from old drive\Program Files\Citrix\GoToMyPC\gopcsrv.exe
[%MYVIDEO%]\Program Files\Citrix\GoToMyPC\g2svc.exe
[%MYVIDEO%]\Program Files\Citrix\GoToMyPC\gopcsrv.exe
[%PROGRAM_FILES%]\Citrix\GoToMyPC\g2comm.exe
[%PROGRAM_FILES%]\Citrix\GoToMyPC\g2fileh.exe
[%PROGRAM_FILES%]\Citrix\GoToMyPC\g2host.exe
[%PROGRAM_FILES%]\Citrix\GoToMyPC\g2mainh.exe
[%PROGRAM_FILES%]\Citrix\GoToMyPC\g2pre.exe
[%PROGRAM_FILES%]\Citrix\GoToMyPC\g2printh.exe
[%PROGRAM_FILES%]\Citrix\GoToMyPC\G2ProcessFactory.exe
[%PROGRAM_FILES%]\Citrix\GoToMyPC\g2svc.exe
[%PROGRAM_FILES%]\Citrix\GoToMyPC\g2tray.exe
[%PROGRAM_FILES%]\Citrix\GoToMyPC\G2WinLogon.dll
[%PROGRAM_FILES%]\Citrix\GoToMyPC\g2winlogon_x64.dll
[%PROGRAM_FILES%]\Citrix\GoToMyPC\gopcsrv.exe
[%PROGRAM_FILES%]\Citrix\GoToMyPC\gotomon.dll
[%SYSTEM%]\gotomon.dll
Kather Registry Keys:
HKEY_CLASSES_ROOT\gotomypc.starthereloader
HKEY_CLASSES_ROOT\gotomypc.starthereloader.1
HKEY_LOCAL_MACHINE\software\citrix\gotomypc
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\gotomypc
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\g2svc.exe
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\print\monitors\gotomypc port
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\gotomypc
Kather Registry Values:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run
Kather indications of infection
The symptoms of a Kather detection are the files and registry entries listed in the technical details section above; no network indicators are given. Note that every path listed is the standard install location of the Citrix GoToMyPC remote-access host (g2svc.exe, gopcsrv.exe, gotomon.dll and the G2WinLogon notification DLL), so a hit on these indicators alone shows only that GoToMyPC is present. Before removing anything, confirm whether the installation is authorized and whether the binaries carry the vendor's Authenticode signature; an unsigned file under one of these names, or a copy sitting in a user folder such as [%MYVIDEO%], is what should be treated as suspicious.
Method of Infection
Trojans do not self-replicate. They are spread manually, often under the premise that the executable is something beneficial. Distribution channels include IRC, peer-to-peer networks, newsgroup postings, e-mail, etc.
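The following PowerShell script is an added example, not part of the original Kather write-up or of Exterminate-It's own tooling. It checks a Windows host for the files, folders, registry keys and Run-key entries listed in the technical details section, expanding the page's [%DESKTOP%], [%MYVIDEO%], [%PROGRAM_FILES%] and [%SYSTEM%] placeholders into real folders. Because the paths are those of the legitimate GoToMyPC host, the script also reports each file's Authenticode signer and status so a signed vendor binary can be told apart from an unsigned file dropped under the same name. Two things are assumptions rather than facts from the page: the Run-key value name is not given above, so the script flags any Run value whose data points into a GoToMyPC folder; and a legitimate install is assumed to be vendor-signed.

```powershell
# Added example (not the original page's code): enumerate the Kather / GoToMyPC
# artifacts listed above and report signature status for each file found.
# Run in an elevated PowerShell session so HKLM and Program Files are readable.
$ErrorActionPreference = 'SilentlyContinue'

# Expand the encyclopedia's placeholders into concrete folders.
$desktop   = [Environment]::GetFolderPath('Desktop')
$myVideo   = [Environment]::GetFolderPath('MyVideos')
$progFiles = $env:ProgramFiles
$system32  = Join-Path $env:SystemRoot 'System32'

$g2Dir = Join-Path $progFiles 'Citrix\GoToMyPC'
$g2Names = @('g2comm.exe','g2fileh.exe','g2host.exe','g2mainh.exe','g2pre.exe',
             'g2printh.exe','G2ProcessFactory.exe','g2svc.exe','g2tray.exe',
             'G2WinLogon.dll','g2winlogon_x64.dll','gopcsrv.exe','gotomon.dll')

$files = @()
foreach ($n in $g2Names) { $files += Join-Path $g2Dir $n }
$files += Join-Path $system32 'gotomon.dll'
# Copies in user folders are the odd ones out and deserve extra scrutiny.
foreach ($n in @('g2svc.exe','gopcsrv.exe')) {
    $files += Join-Path $desktop "backup from old drive\Program Files\Citrix\GoToMyPC\$n"
    $files += Join-Path $myVideo "Program Files\Citrix\GoToMyPC\$n"
}

$regKeys = @(
    'Registry::HKEY_CLASSES_ROOT\gotomypc.starthereloader',
    'Registry::HKEY_CLASSES_ROOT\gotomypc.starthereloader.1',
    'Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\GoToMyPC',
    'Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\gotomypc',
    'Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\g2svc.exe',
    'Registry::HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\Monitors\GoToMyPC Port',
    'Registry::HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\gotomypc'
)
$runKey = 'Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'

$findings = New-Object System.Collections.Generic.List[object]

# Folder listed under "Kather Folders".
if (Test-Path -LiteralPath $g2Dir -PathType Container) {
    $findings.Add([pscustomobject]@{ Type='Folder'; Location=$g2Dir; Detail='present'; Status='' })
}

# Files: record signer subject and signature status (Valid / NotSigned / HashMismatch ...).
foreach ($f in $files) {
    if (-not (Test-Path -LiteralPath $f -PathType Leaf)) { continue }
    $sig = Get-AuthenticodeSignature -LiteralPath $f
    $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '(unsigned)' }
    # Assumption: anything outside Program Files or System32 is a stray copy worth flagging.
    $note = if ($f -like "$g2Dir\*" -or $f -like "$system32\*") { '' } else { 'outside install dir' }
    $findings.Add([pscustomobject]@{ Type='File'; Location=$f; Detail="$signer $note".Trim(); Status=$sig.Status })
}

# Registry keys listed under "Kather Registry Keys".
foreach ($k in $regKeys) {
    if (Test-Path -LiteralPath $k) {
        $findings.Add([pscustomobject]@{ Type='RegKey'; Location=$k; Detail='present'; Status='' })
    }
}

# Run-key values: the page names the key but not the value, so match on data
# that points into a GoToMyPC folder (assumption, see lead-in).
$run = Get-ItemProperty -LiteralPath $runKey
if ($run) {
    foreach ($p in $run.PSObject.Properties) {
        if ($p.Value -is [string] -and $p.Value -like '*GoToMyPC*') {
            $findings.Add([pscustomobject]@{ Type='RunValue'; Location="$runKey\$($p.Name)"; Detail=$p.Value; Status='' })
        }
    }
}

# The service key above implies a service; report its state if it exists.
$svc = Get-Service -Name 'gotomypc'
if ($svc) {
    $findings.Add([pscustomobject]@{ Type='Service'; Location='gotomypc'; Detail=$svc.DisplayName; Status=$svc.Status })
}

if ($findings.Count -eq 0) {
    Write-Output 'No Kather / GoToMyPC artifacts found.'
} else {
    $findings | Format-Table -AutoSize -Wrap
}
```

Read the Status column before acting: `Valid` with a Citrix or GoTo subject on every file and an entry in Add/Remove Programs points to an ordinary (if possibly unwanted) remote-access install, which should be removed through its uninstaller or by policy; `NotSigned`, `HashMismatch`, or copies flagged as outside the install directory are the cases that warrant treating the host as compromised and preserving the files for analysis rather than deleting them outright.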
Buy Exterminate-It antivirus software and perform a full scan of the computer.
You can also download the free trial version of ExterminateIt! to check your computer now.