Threat Information for "Trojan.PWS.Fulbiz"
| Summary | Top |
- Name: Trojan.PWS.Fulbiz
- Aliases:TR/Spy.Reox.B, Win32:Trojano-3436, PSW.Generic.QBZ, Trojan.Spy.Reox.B, Logger.Reox.b, Reox!tr.pws
- Date Discovered: 2006-08-24
- Protection Added: 2006-08-28
| Description | Top |
-- Ease of Removal 1: Uses running processes 2: Creates new registry entries with consistent data 3: Consistently named 4: Consistent file contents -- Privacy Risks/Security Changes 1: Mimics legitimate file names 2: Disables security software 3: Disables Windows Security Center notification options 4: Disables Windows Firewall 5: Harvests personal data 6: Transmits personal data to remote computers -- Damage/Intrusion/Annoyance 1: Displays error messages due to buggy code 2: Autoruns at startup without an option to be disabled 3: Creates new files -- Propagation/Saturation 1: Infects from a link in an email
| Technical Details | Top |
- Added Directory/File:
FilePath: %SYSTEMDIR%\service\reoxconf1.sam - Added Directory/File:
FilePath: %SYSTEMDIR%\service\explorer.exe - Added Directory/File:
FilePath: %SYSTEMDIR%\service - Added Directory/File:
FilePath: %SYSTEMDIR%\service\dll1.txt - Added Registry Value:
Key: HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile Value: EnableFirewall - Added Registry Value:
Key: HKLM\Software\Microsoft\Security Center Value: AntiVirusDisableNotify - Added Registry Value:
Key: HKU\S-*\%CURRENTVERSIONREG% Value: pwd - Added Registry Value:
Key: HKCU\%CURRENTVERSIONREG% Value: pwd - Added Registry Value:
Key: HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile Value: DoNotAllowExceptions - Added Registry Value:
Key: HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile Value: DisableNotifications - Added Registry Value:
Key: HKU\S-*\%CURRENTVERSIONREG% Value: myID2 - Added Registry Value:
Key: HKCU\%CURRENTVERSIONREG% Value: myID2 - Added Registry Data:
Key: HKU\S-*\%CURRENTVERSIONREG%\Policies\Explorer\Run Value: [RANDOM VALUE] Data: service\explorer.exe - Added Registry Data:
Key: HKCU\%CURRENTVERSIONREG%\Policies\Explorer\Run Value: [RANDOM VALUE] Data: service\explorer.exe
