Threat Information for "Mraskalot.com Forethought"
| Summary | Top |
- Name: Mraskalot.com Forethought
- Aliases:TR/Dldr.Agent.ala, W32/Downloader.ADNL, Downloader.Agent.DUL, Trojan.Downloader.Agent.AEM, Trojan.DownLoader.3945, Win32/Kodoli!Trojan
- Date Discovered: 2006-08-17
- Protection Added: 2006-08-23
| Description | Top |
-- Ease of Removal 1: Uses running processes 2: Consistent file contents 3: Consistently named 4: Creates new registry entries with consistent data -- Privacy Risks/Security Changes 1: Downloads other threats -- Damage/Intrusion/Annoyance 1: Displays targeted popup advertisements [SPYWARE ONLY] 2: Autoruns at startup without an option to be disabled -- Propagation/Saturation 1: Creates new files 2: Bundled with third-party applications [SPYWARE ONLY]
| Technical Details | Top |
- Added Directory/File:
FilePath: %SYSTEMDIR%\nr1rnqm8.exe - Added Directory/File:
FilePath: %WINDIR%\System32tfthot.exe - Added Directory/File:
FilePath: %WINDIR%\System32ftuninst.exe - Added Directory/File:
FilePath: %ROOTDRIVE%*new.exe - Added Directory/File:
FilePath: %SYSTEMDIR%\mptft.exe - Added Directory/File:
FilePath: %SYSTEMDIR%\ssec.exe - Added Directory/File:
FilePath: %SYSTEMDIR%\tfthot.exe - Added Directory/File:
FilePath: %WINDIR%\System32ssec.exe - Added Directory/File:
FilePath: %SYSTEMDIR%\ftuninst.exe - Added Directory/File:
FilePath: %CACHE%\gkyukar*.cab - Added Registry Key:
Key: HKLM\%CURRENTVERSIONREG%\Uninstall\treewood - Added Registry Data:
Key: HKLM\%CURRENTVERSIONREG%\Run Value: [RANDOM VALUE] Data: %SYSTEMDIR%\mptft.exe
