Threat Information for "Trojan.Proxy.1031"
| Summary | Top |
- Name: Trojan.Proxy.1031
- Aliases:HEUR/Malware.Crypted.PSM, W32/Proxy.AED, Win32:Agent-ATG, Proxy.EAN, Trojan.Proxy.Agent.KM, TrojanProxy.Agent.km
- Date Discovered: 2006-08-15
- Protection Added: 2006-08-24
| Description | Top |
-- Ease of Removal 1: Uses running processes 2: Consistent file contents 3: Consistently named 4: Creates new registry entries with consistent data -- Privacy Risks/Security Changes 1: Transmits personal data to remote computers -- Damage/Intrusion/Annoyance 1: Autoruns at startup without an option to be disabled 2: Changes browser home page -- Propagation/Saturation 1: Infects through Peer-2-Peer Software 2: Spreads from a link in an email 3: Displays error messages due to buggy code 4: Creates new files 5: Mimics legitimate file names
| Technical Details | Top |
- Added Directory/File:
FilePath: %SYSTEMDIR%\*.exe MD5: 2b247a31ab944c3235cc9bd1909a01b0 - Added Directory/File:
FilePath: %SYSTEMDIR%\???????. FileSize: 0 - Added Registry Value:
Key: HKLM\%CURRENTVERSIONREG%\RunServices Value: tutc* - Added Registry Value:
Key: HKU\.DEFAULT\%CURRENTVERSIONREG%\Run Value: updwebmin - Added Registry Value:
Key: HKLM\%CURRENTVERSIONREG%\Run Value: updwebmin - Added Registry Value:
Key: HKU\.DEFAULT\%CURRENTVERSIONREG%\Run Value: tutc* - Added Registry Value:
Key: HKCU\%CURRENTVERSIONREG%\Run Value: updwebmin - Added Registry Value:
Key: HKLM\%CURRENTVERSIONREG%\Run Value: tutc* - Added Registry Value:
Key: HKCU\%CURRENTVERSIONREG%\Run Value: tutc* - Added Registry Value:
Key: HKU\S-*\%CURRENTVERSIONREG%\Run Value: updwebmin - Added Registry Value:
Key: HKLM\%CURRENTVERSIONREG%\RunServices Value: updwebmin - Added Registry Value:
Key: HKU\S-*\%CURRENTVERSIONREG%\Run Value: tutc*
