Threat Information for "Win32.HLLM.Torvil"
| Summary | Top |
- Name: Win32.HLLM.Torvil
- Aliases:
- Date Discovered: 2006-01-13
- Protection Added: 2006-02-23
| Description | Top |
-- Ease of Removal 1: Runs as a service 2: Consistently named 3: Consistent file contents 4: Creates new unique registry entries 5: Creates new registry entries with consistent data -- Damage/Intrusion/Annoyance 1: Autoruns at startup without an option to be disabled -- Propagation/Saturation 1: Creates new files
| Technical Details | Top |
- Added Directory/File:
FilePath: %SYSTEMDIR%\reminder.exe - Added Directory/File:
FilePath: %WINDIR%\Control Panel.{21EC2020-3AEA-1069-A2DD-08002B30309D} - Added Directory/File:
FilePath: %WINDIR%\Recent\Win.ini - Added Directory/File:
FilePath: %WINDIR%\spool??.exe - Added Directory/File:
FilePath: %WINDIR%\.{21EC2020-3AEA-1069-A2DD-08002B30309D} - Added Directory/File:
FilePath: %WINDIR%\SVCHOST.EXE - Added Directory/File:
FilePath: %WINDIR%\SMSS??.exe - Added Registry Key:
Key: HKLM\SYSTEM\CurrentControlSet\Services\Torvil - Added Registry Key:
Key: HKLM\SYSTEM\CurrentControlSet001\Services\Torvil - Added Registry Key:
Key: HKLM\%CURRENTVERSIONREG%\Explorer\Advanced\OneLevelDeeper\TorvilDB - Added Registry Value:
Key: HKLM\%CURRENTVERSIONREG%\Run Value: Service Host - Runs Service:
Service: TORVIL
