Threat Information for "Trojan.MulDrop.4091"

Removal

StopSign will automatically remove this infection with a paid membership.

Summary
  • Name: Trojan.MulDrop.4091
  • Aliases:
  • Date Discovered: 2006-09-26
  • Protection Added: 2006-10-03

Description
-- Ease of Removal

1: Creates new registry entries with consistent data
2: Consistent file contents
3: Consistently named
4: Runs as a BHO or shell extension
5: Runs as a service
6: Injects DLLs into running processes
7: Uses running processes
8: Uses redundant/watcher processes
9: Hides running processes
10: Hides files
11: Hides registry entries

-- Privacy Risks/Security Changes

1: Mimics legitimate file names

-- Damage/Intrusion/Annoyance

1: Modifies non-critical registry entries
2: Displays targeted popup advertisements
3: Creates new files
4: Autoruns at startup without an option to be disabled
5: Downloads other threats

-- Propagation/Saturation

1: Infects from a link in an email
2: Infects from an email attachment
3: Spreads through Peer-2-Peer software

Technical Details
  • Added Registry Key:
    Key: HKLM\%BHOREG%\{0D97A4D2-9F3D-E91C-5EAD-E685720E2FCC}
  • Added Registry Key:
    Key: HKCR\CLSID\{0D97A4D2-9F3D-E91C-5EAD-E685720E2FCC}
  • Added Registry Key:
    Key: HKLM\SOFTWARE\Classes\MezziaCodec.Chl
  • Added Registry Key:
    Key: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\{BC84DF00-BC38-9902-8082-6FCBF2D87A0B}
  • Added Registry Key:
    Key: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\explorer.exe
  • Added Registry Key:
    Key: HKLM\SOFTWARE\CLASSES\CLSID\{0D97A4D2-9F3D-E91C-5EAD-E685720E2FCC}
  • Added Registry Key:
    Key: HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
  • Added Registry Key:
    Key: HKCR\MezziaCodec.Chl
  • Added Registry Key:
    Key: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\win???32
  • Added Registry Value:
    Key: HKLM\%CURRENTVERSIONREG%\Run
    Value: rmass.exe
  • Added Registry Value:
    Key: HKLM\%CURRENTVERSIONREG%\Internet Settings\Connection Policy
    Value: Default Flags
  • Added Registry Value:
    Key: HKU\.DEFAULT\%CURRENTVERSIONREG%\Internet Settings\Connection Policy
    Value: Default Flags
  • Added Registry Value:
    Key: HKCU\%CURRENTVERSIONREG%\Explorer
    Value: ShellState Backup Policy
  • Added Registry Value:
    Key: HKU\S-*\%CURRENTVERSIONREG%\Internet Settings\Connection Policy
    Value: Default Flags
  • Added Registry Value:
    Key: HKLM\SOFTAWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced
    Value: SubshellState
  • Added Registry Value:
    Key: HKCU\%CURRENTVERSIONREG%\Internet Settings\Connection Policy
    Value: Default Flags
  • Added Registry Data:
    Key: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\*
    Value: [RANDOM VALUE]
    Data: RECOVER32
  • Added Registry Data:
    Key: HKLM\%CURRENTVERSIONREG%\Run
    Value: [RANDOM VALUE]
    Data: 32.dll,run