Threat Information for "Trojan.DownLoader.8053"
Summary
- Name: Trojan.DownLoader.8053
- Aliases:
- Date Discovered: 2006-10-26
- Protection Added: 2006-11-02
Description
-- Ease of Removal
1: Uses running processes
2: Runs as a service
3: Consistently named
4: Consistent file contents
5: Creates new registry entries with consistent data
6: Runs as a BHO or shell extension
-- Damage/Intrusion/Annoyance
1: Significantly slows down the computer
2: Creates new files
3: Downloads other threats
-- Propagation/Saturation
1: Infects from a link in an email
2: Infects from an email attachment
3: Installed by other infections
Technical Details
- Added Directory/File:
  FilePath: %USERAPPDATA%\Microsoft\Address Book\*.wab
  MD5: 758498d6b275e58e3c83494ad6080ac2
- Added Directory/File:
  FilePath: %USERLOCALSETTINGS%\Temp\*.*
  MD5: ef80605147769ae2308162857e138390
- Added Directory/File:
  FilePath: %SYSTEMDIR%\biasfardihuy.dll
- Added Directory/File:
  FilePath: %SYSTEMDIR%\*.*
  MD5: 4d837e1558925bc0f5e877f5622e3d72
- Added Directory/File:
  FilePath: %ROOTDRIVE%*
  MD5: 5b42f0e174b6b0f0c697585dac2df6df
- Added Directory/File:
  FilePath: %SYSTEMDIR%\birdasfihuy32.dll
- Added Registry Value:
  Key: HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile
  Value: EnableFirewall
- Added Registry Value:
  Key: HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile
  Value: EnableFirewall
- Added Registry Data:
  Key: HKU\S-*\Software\Classes\CLSID\*\InProcServer32
  Value: [RANDOM VALUE]
  Data: birdasfihuy32
- Added Registry Data:
  Key: HKCU\%CURRENTVERSIONREG%\Explorer\CLSID\*\InProcServer32
  Value: [RANDOM VALUE]
  Data: birdasfihuy32
- Added Registry Data:
  Key: HKU\S-*\CLSID\*\InProcServer32
  Value: [RANDOM VALUE]
  Data: birdasfihuy32
- Added Registry Data:
  Key: HKCU\Software\Classes\CLSID\*\InProcServer32
  Value: [RANDOM VALUE]
  Data: birdasfihuy32
- Added Registry Data:
  Key: HKCR\CLSID\*\InProcServer32
  Value: [RANDOM VALUE]
  Data: birdasfihuy32

