Loki Trojan

Loki virus description
Technical details:
Categories: Trojan, Backdoor, Downloader, DoS
Loki Aliases:
[Panda]Loki.1234.1st;
[Computer Associates]Loki

Loki Folders:
[%PROGRAM_FILES_COMMON%]\totem shared
[%PROGRAM_FILES%]\search bar

Loki Files:
[%PROFILE_TEMP%]\EaslME.exe
[%PROFILE_TEMP%]\EFJa7E.exe
[%PROFILE_TEMP%]\OaKDu7.exe
[%PROGRAM_FILES%]\default.skn
[%PROGRAM_FILES%]\skins\default.skn
[%SYSTEM%]\acsproxy.lib
[%SYSTEM%]\bw6mds51.ocx
[%SYSTEM%]\chat.dat
[%SYSTEM%]\ezines.dat
[%SYSTEM%]\home.dat
[%SYSTEM%]\imgconv.dll
[%SYSTEM%]\longtimer.ocx
[%SYSTEM%]\mciwndx.ocx
[%SYSTEM%]\olelib.tlb
[%SYSTEM%]\paysites.dat
[%SYSTEM%]\pics.dat
[%SYSTEM%]\unregister.exe
[%SYSTEM%]\VIC32.DLL
[%SYSTEM%]\videos.dat
[%WINDOWS%]\alchem.ini
[%WINDOWS%]\msbb.exe

Loki Registry Keys:

Loki Registry Values:
HKEY_LOCAL_MACHINE\software\classes\appid\atltoolbar.dll
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer


Loki indications of infection

The symptoms of a Loki infection are the files, registry entries, and network communication referenced in the technical details section.

Method of Infection
Trojans do not self-replicate. They are spread manually, often under the premise that the executable is something beneficial. Distribution channels include IRC, peer-to-peer networks, newsgroup postings, e-mail, etc.