Threat Information for "Trojan.Proxy.931"
| Summary | Top |
- Name: Trojan.Proxy.931
- Aliases:
- Date Discovered: 2006-09-22
- Protection Added: 2006-09-27
| Description | Top |
-- Ease of Removal 1: Consistent file contents 2: Consistently named 3: Creates new registry entries with consistent data 4: Runs as a service -- Privacy Risks/Security Changes 1: Mimics legitimate file names 2: Opens backdoors 3: Changes home page to phishing website -- Damage/Intrusion/Annoyance 1: Creates new files -- Propagation/Saturation 1: Installed by other infections 2: Spreads through Peer-2-Peer software
| Technical Details | Top |
- Added Directory/File:
FilePath: %WINDIR%\nt\ncrs.* - Added Directory/File:
FilePath: %WINDIR%\nt - Added Registry Key:
Key: HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NTRCS - Added Registry Key:
Key: HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_NTRCS - Added Registry Key:
Key: HKLM\SOFTWARE\Tmp - Added Registry Key:
Key: HKLM\SYSTEM\ControlSet001\Services\ntrcs - Added Registry Value:
Key: HKLM\%CURRENTVERSIONREG%\Run Value: Microsoft (R) Windows Vista - Added Registry Value:
Key: HKCU\%CURRENTVERSIONREG%\Explorer Value: NoFolderOptions - Added Registry Value:
Key: HKCU\%CURRENTVERSIONREG%\Explorer\Advanced Value: ShowSuperHidden - Added Registry Data:
Key: HKLM\%CURRENTVERSIONREG%\Run Value: [RANDOM VALUE] Data: nrcs.exe - Added Registry Data:
Key: HKLM\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List Value: [RANDOM VALUE] Data: nrcs.exe
