Threat Information for "Trojan.Proxy.986"

Removal

StopSign will automatically remove this infection with a paid membership.

Summary
  • Name: Trojan.Proxy.986
  • Aliases: Trojan.PR.Small.CLZ, TrojanProxy.Win32.Agent.5BDA, Trojan/Proxy.Agent.km, Trojan.Jupillites, Troj/Daemoni-AK, Trj/Jupillites.G
  • Date Discovered: 2006-07-27
  • Protection Added: 2006-08-15
Description
-- Ease of Removal

1: File names uniquely generated

-- Privacy Risks/Security Changes

1: Transmits personal data to remote computers
2: Opens backdoors [VIRUS ONLY]

-- Damage/Intrusion/Annoyance

1: Downloads other threats
2: Autoruns at startup without an option to be disabled

-- Propagation/Saturation

1: Creates new files
2: Spreads through instant messenger software [VIRUS ONLY]
3: Displays fake error messages
4: Displays error messages due to buggy code
5: Spreads from a link in an email
6: Spreads through Peer-2-Peer software [VIRUS ONLY]
Technical Details
  • Added Directory/File:
    FilePath: %SYSTEMDIR%\* MD5: d41d8cd98f00b204e9800998ecf8427e
  • Added Directory/File:
    FilePath: %SYSTEMDIR%\* MD5: 1a74375e5b7db6a92868d39c6deb3f66
  • Added Directory/File:
    FilePath: %SYSTEMDIR%\_??????????????????????????.dll
  • Added Directory/File:
    FilePath: %USERDIR%\BugGuys\Application Data\Microsoft\2238.dat
  • Added Directory/File:
    FilePath: %USERLOCALSETTINGS%\Temp\*\60711.exe
  • Added Directory/File:
    FilePath: %SYSTEMDIR%\* MD5: 986b80fbc37c8f029f32e7e0946ad365
  • Added Directory/File:
    FilePath: %SYSTEMDIR%\_??????????????????????????.exe
  • Added Directory/File:
    FilePath: %SYSTEMDIR%\dxvw????.exe
  • Added Directory/File:
    FilePath: %USERDIR%\BugGuys\Application Data\Microsoft\* MD5: ab3cd01b05082b4dd5c6586bc0d3b54f
  • Added Registry Value:
    Key: HKLM\%CURRENTVERSIONREG%\ShellServiceObjectDelayLoad Value: DCOM Server 2238
  • Added Registry Value:
    Key: HKLM\%CURRENTVERSIONREG%\Run Value: Explorer 2238
  • Added Registry Value:
    Key: HKLM\%CURRENTVERSIONREG%\Explorer\SharedTaskScheduler Value: DCOM Server 2238
  • Added Registry Data:
    Key: HKU\S-*\%CURRENTVERSIONREG%\Run Value: [RANDOM VALUE] Data: _zskwrkni05
  • Added Registry Data:
    Key: HKCR\CLSID\*\InProcServer32 Value: [RANDOM VALUE] Data: dxvw
  • Added Registry Data:
    Key: HKCU\%CURRENTVERSIONREG%\Run Value: [RANDOM VALUE] Data: _zskwrkni05
  • Added Registry Data:
    Key: HKLM\SOFTWARE\Classes\CLSID\*\InProcServer32 Value: [RANDOM VALUE] Data: dxvw
  • Added Registry Data:
    Key: HKU\S-*\Software\Microsoft\Windows\ShellNoRoam\MUICache Value: [RANDOM VALUE] Data: dxvw
  • Added Registry Data:
    Key: HKLM\%CURRENTVERSIONREG%\RunServices Value: [RANDOM VALUE] Data: _zskwrkni05
  • Added Registry Data:
    Key: HKLM\%CURRENTVERSIONREG%\Run Value: [RANDOM VALUE] Data: _zskwrkni05