Threat Information for "Trojan.DownLoader.6988"
| Summary | Top |
- Name: Trojan.DownLoader.6988
- Aliases:TrojanDownloader.Win32.CWS.C3F3, Adware/CWS.Yexe, W32/CWS.BH, Krepper (threat-c), Win32/TrojanDownloader.CWS, W32/ARQ.S!tr.dldr
- Date Discovered: 2006-07-26
- Protection Added: 2006-08-15
| Description | Top |
-- Ease of Removal 1: Uses running processes 2: Runs as a BHO or shell extension 3: Runs as a service 4: Consistent file contents 5: Consistently named 6: Creates new registry entries with consistent data -- Privacy Risks/Security Changes 1: Changes internet security settings 2: Downloads other threats -- Damage/Intrusion/Annoyance 1: Downloads other threats 2: Autoruns at startup without an option to be disabled -- Propagation/Saturation 1: Infects through Peer-2-Peer Software 2: Mimics legitimate file names
| Technical Details | Top |
- Added Directory/File:
FilePath: %WINDIR%\inet200??\tmp.req - Added Directory/File:
FilePath: %WINDIR%\inet200??\??????????.in - Added Directory/File:
FilePath: %WINDIR%\OEM.exe - Added Directory/File:
FilePath: %WINDIR%\inet200??\killer.exe - Added Directory/File:
FilePath: %USERDIR%\1.txt - Added Directory/File:
FilePath: %WINDIR%\inet200??\services.exe - Added Directory/File:
FilePath: %WINDIR%\inet200??\mm5.exe.bak - Added Directory/File:
FilePath: %WINDIR%\inet200??\3.03.00.dll - Added Directory/File:
FilePath: %WINDIR%\inet200??\mm5.exe - Added Directory/File:
FilePath: %WINDIR%\inet200??\killer.exe.bak - Added Directory/File:
FilePath: %WINDIR%\inet200??\??????????.bat - Added Directory/File:
FilePath: %WINDIR%\inet200??\1.txt - Added Directory/File:
FilePath: %WINDIR%\inet200??\alg.exe - Added Directory/File:
FilePath: %WINDIR%\OEM.exe.bak - Added Directory/File:
FilePath: %WINDIR%\inet200??\socks.exe - Added Directory/File:
FilePath: %USERDIR%\tmp.req - Added Directory/File:
FilePath: %WINDIR%\inet200??\winlogon.exe - Added Directory/File:
FilePath: %WINDIR%\inet200??\alg.exe.bak - Added Directory/File:
FilePath: %WINDIR%\inet200?? - Added Directory/File:
FilePath: %WINDIR%\inet200??\mm.pid - Added Registry Key:
Key: HKLM\Software\CLASSES\Replace.HBO - Added Registry Key:
Key: HKLM\Software\CLASSES\CLSID\{5321E378-FFAD-4999-8C62-03CA8155F0B3} - Added Registry Key:
Key: HKLM\%BHOREG%\{5321E378-FFAD-4999-8C62-03CA8155F0B3} - Added Registry Key:
Key: HKLM\Software\CLASSES\Replace.HBO.1 - Added Registry Value:
Key: HKLM\%CURRENTVERSIONREG%\Run Value: xp_system - Added Registry Value:
Key: HKLM\%CURRENTVERSIONREG%\Run Value: Microsoft standard protector - Added Registry Value:
Key: HKCU\%CURRENTVERSIONREG%\Run Value: xp_system - Added Registry Value:
Key: HKU\.DEFAULT\%CURRENTVERSIONREG%\Run Value: xp_system
