Threat Information for "Trojan.LastAd"
Description

-- Ease of Removal
1: Uses running processes
2: Consistent file contents
3: File names uniquely generated
4: Creates new unique registry entries

-- Damage/Intrusion/Annoyance
1: Displays targeted popup advertisements
2: Creates new files

-- Propagation/Saturation
1: Spreads through Peer-2-Peer software
2: Infects from a link in an email
3: Infects from an email attachment
4: Installed by other infections

Technical Details

- Added Directory/File:
  FilePath: %SYSTEMDIR%\*.* MD5: 088e25cf7f755f74cb15a03a309b4a61
- Added Directory/File:
  FilePath: %SYSTEMDIR%\*.* MD5: 7eb9db39f4c67e08386d07b0e6260301
- Added Registry Key:
  Key: HKU\S-1*\%CURRENTVERSIONREG%i\Internet Settings\ZoneMap\Domains\neededware.com
- Added Registry Key:
  Key: HKCU\%CURRENTVERSIONREG%\Internet Settings\ZoneMap\Domains\neededware.com
- Added Registry Key:
  Key: HKLM\SOFTWARE\ndwserv*
- Added Registry Value:
  Key: HKLM\%CURRENTVERSIONREG%\Policies\Explorer\Run Value: VISK
- Added Registry Data:
  Key: HKLM\%CURRENTVERSIONREG%\policies\Explorer\Run Value: [RANDOM VALUE] Data: %SYSTEMDIR%\??????.exe wildData=TRUE
- Added Registry Data:
  Key: HKLM\%CURRENTVERSIONREG%\Run Value: [RANDOM VALUE] Data: %SYSTEMDIR%\???.exe wildData=TRUE
- Added Registry Data:
  Key: HKLM\%CURRENTVERSIONREG%\Run Value: [RANDOM VALUE] Data: %SYSTEMDIR%\????.exe wildData=TRUE
- Added Registry Data:
  Key: HKLM\%CURRENTVERSIONREG%\Run Value: [RANDOM VALUE] Data: %SYSTEMDIR%\?????.exe wildData=TRUE
- Added Registry Data:
  Key: HKLM\%CURRENTVERSIONREG%\Run Value: [RANDOM VALUE] Data: %SYSTEMDIR%\??????.exe wildData=TRUE
- Added Registry Data:
  Key: HKLM\%CURRENTVERSIONREG%\policies\Explorer\Run Value: [RANDOM VALUE] Data: %SYSTEMDIR%\???.exe wildData=TRUE
- Added Registry Data:
  Key: HKLM\%CURRENTVERSIONREG%\policies\Explorer\Run Value: [RANDOM VALUE] Data: %SYSTEMDIR%\????.exe wildData=TRUE
- Added Registry Data:
  Key: HKLM\%CURRENTVERSIONREG%\policies\Explorer\Run Value: [RANDOM VALUE] Data: %SYSTEMDIR%\?????.exe wildData=TRUE

