Threat Information for "Trojan.DownLoader.based"
Summary
- Name: Trojan.DownLoader.based
- Aliases:
- Date Discovered: 2006-11-16
- Protection Added: 2006-11-22
Description
-- Ease of Removal
   1: Uses running processes
   2: Consistently named
   3: Consistent file contents
   4: Creates new registry entries with consistent data
-- Damage/Intrusion/Annoyance
   1: Significantly slows down the computer
   2: Creates new files
   3: Downloads other threats
-- Propagation/Saturation
   1: Infects from a link in an email
   2: Infects from an email attachment
   3: Installed by other infections
Technical Details
- Added Directory/File:
  FilePath: %SYSTEMDIR%\*.*
  MD5: d6c2f8e39da3995f99c00612a7b1028c
- Added Directory/File:
  FilePath: %ROOTDRIVE%loaded.exe
- Added Directory/File:
  FilePath: %USERDIR%\*.*
  MD5: d6c2f8e39da3995f99c00612a7b1028c
- Added Directory/File:
  FilePath: %USERDIR%\loaded.exe
- Added Registry Key:
  Key: HKU\S-*\Software\AdwareDisableKey3
- Added Registry Key:
  Key: HKCU\Software\AdwareDisableKey3
- Added Registry Key:
  Key: HKLM\SOFTWARE\AdwareDisableKey3
- Added Registry Data:
  Key: HKU\S-1*\%CURRENTVERSIONREG%\Run
  Value: [RANDOM VALUE]
  Data: %SYSTEMDIR%\???????.dll,?????? wildData=TRUE
- Added Registry Data:
  Key: HKLM\%CURRENTVERSIONREG%\Run
  Value: [RANDOM VALUE]
  Data: %SYSTEMDIR%\???????.dll,?????? wildData=TRUE
- Added Registry Data:
  Key: HKLM\%CURRENTVERSIONREG%\Run
  Value: [RANDOM VALUE]
  Data: Data\???????.exe wildData=TRUE
- Added Registry Data:
  Key: HKU\S-1*\%CURRENTVERSIONREG%\Run
  Value: [RANDOM VALUE]
  Data: %SYSTEMDIR%\????????.dll,?????? wildData=TRUE
- Added Registry Data:
  Key: HKU\S-1*\%CURRENTVERSIONREG%\Run
  Value: [RANDOM VALUE]
  Data: Data\????????.exe wildData=TRUE
- Added Registry Data:
  Key: HKLM\%CURRENTVERSIONREG%\Run
  Value: [RANDOM VALUE]
  Data: %SYSTEMDIR%\????????.dll,?????? wildData=TRUE
- Added Registry Data:
  Key: HKCU\%CURRENTVERSIONREG%\Run
  Value: [RANDOM VALUE]
  Data: Data\????????.exe wildData=TRUE
- Added Registry Data:
  Key: HKCU\%CURRENTVERSIONREG%\Run
  Value: [RANDOM VALUE]
  Data: %SYSTEMDIR%\???????.dll,?????? wildData=TRUE
- Added Registry Data:
  Key: HKU\S-1*\%CURRENTVERSIONREG%\Run
  Value: [RANDOM VALUE]
  Data: Data\???????.exe wildData=TRUE
- Added Registry Data:
  Key: HKCU\%CURRENTVERSIONREG%\Run
  Value: [RANDOM VALUE]
  Data: Data\???????.exe wildData=TRUE
- Added Registry Data:
  Key: HKCU\%CURRENTVERSIONREG%\Run
  Value: [RANDOM VALUE]
  Data: %SYSTEMDIR%\????????.dll,?????? wildData=TRUE
- Added Registry Data:
  Key: HKLM\%CURRENTVERSIONREG%\Run
  Value: [RANDOM VALUE]
  Data: Data\????????.exe wildData=TRUE

