Threat Information for "Trojan.DownLoader.12196"
| Summary |
- Name: Trojan.DownLoader.12196
- Aliases:
- Date Discovered: 2006-11-02
- Protection Added: 2006-11-09
| Description |
- Ease of Removal:
  1: Uses running processes
  2: Runs as a service
  3: Consistently named
  4: Consistent file contents
  5: Creates new registry entries with consistent data
- Damage/Intrusion/Annoyance:
  1: Significantly slows down the computer
  2: Creates new files
  3: Downloads other threats
- Propagation/Saturation:
  1: Infects from a link in an email
  2: Infects from an email attachment
  3: Installed by other infections
| Technical Details |
- Added Directory/File:
  FilePath: %SYSTEMDIR%\*\*.* MD5: 380cf13015f98145c806c279f976a20e delFolder=TRUE
- Added Directory/File:
  FilePath: %WINDIR%\Application Data\Emdo
- Added Directory/File:
  FilePath: %WINDIR%\temp\????\index.dat
- Added Directory/File:
  FilePath: %SYSTEMDIR%\wnscp??.exe
- Added Directory/File:
  FilePath: %SYSTEMDIR%\*.* MD5: 380cf13015f98145c806c279f976a20e
- Added Directory/File:
  FilePath: %SYSTEMDIR%\ywfqekcf.dll MD5: 79dc27fb954ef8830a386378a1f3675b
- Added Directory/File:
  FilePath: %USERLOCALSETTINGS%\Temp\ctxad.exe
- Added Directory/File:
  FilePath: %SYSTEMDIR%\hlpwinm*.exe
- Added Directory/File:
  FilePath: %USERDESKTOP%\PartyPoker $100 Free.url
- Added Directory/File:
  FilePath: %COMMONFILESDIR%\*\*.* MD5: 380cf13015f98145c806c279f976a20e delFolder=TRUE
- Added Directory/File:
  FilePath: %SYSTEMDIR%\topbar??.jpg
- Added Directory/File:
  FilePath: %PROGRAMFILESDIR%\*.* MD5: F424C3ABDA93C5F778A0D361AA6AE88F
- Added Directory/File:
  FilePath: %COMMONDOCUMENTS%\*.* MD5: 380cf13015f98145c806c279f976a20e
- Added Directory/File:
  FilePath: %SYSTEMDIR%\Emdo
- Added Directory/File:
  FilePath: %SYSTEMDIR%\????\explorer.exe
- Added Directory/File:
  FilePath: %WINDIR%\*\*.* MD5: 380cf13015f98145c806c279f976a20e delFolder=TRUE
- Added Directory/File:
  FilePath: %WINDIR%\TEMP\????\index.dat delFolder=TRUE
- Added Directory/File:
  FilePath: %USERLOCALSETTINGS%\Temp\????\index.dat delFolder=TRUE
- Added Directory/File:
  FilePath: %SYSTEMDIR%\wint??.exe
- Added Directory/File:
  FilePath: %USERPERSONAL%\utas\dexplore.exe MD5: 380cf13015f98145c806c279f976a20e delFolder=TRUE
- Added Directory/File:
  FilePath: %SYSTEMDIR%\*.exe MD5: 4f3dd0ffb3e41c5f74b5b0d8c1f10bb5
- Added Directory/File:
  FilePath: %SYSTEMDIR%\mlnwinm*.exe
- Added Directory/File:
  FilePath: %USERDESKTOP%\Click to Find and Fix Errors.url
- Added Directory/File:
  FilePath: %USERPERSONAL%\*.* MD5: 380cf13015f98145c806c279f976a20e
- Added Directory/File:
  FilePath: %SYSTEMDIR%\TFTP*.
- Added Directory/File:
  FilePath: %SYSTEMDIR%\????\index.dat
- Added Registry Key:
  Key: HKLM\SOFTWARE\Classes\CLSID\{E911ECF5-7834-26C4-16F1-05E299017BE2}
- Added Registry Key:
  Key: HKCR\CLSID\{E911ECF5-7834-26C4-16F1-05E299017BE2}
- Added Registry Key:
  Key: HKLM\%BHOREG%\{E911ECF5-7834-26C4-16F1-05E299017BE2}
- Added Registry Key:
  Key: HKCR\CLSID\{8790FA16-3DD6-6523-F2F9-601340DD3190}
- Added Registry Value:
  Key: HKLM\%CURRENTVERSIONREG%\Run Value: winsys001
- Added Registry Value:
  Key: HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks Value: {CFBFAE00-17A6-11D0-99CB-00C04FD64497}
- Added Registry Value:
  Key: HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks Value: {E911ECF5-7834-26C4-16F1-05E299017BE2}
- Added Registry Value:
  Key: HKLM\%CURRENTVERSIONREG%\RunServices Value: winsys001
- Added Registry Value:
  Key: HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks Value: _{CFBFAE00-17A6-11D0-99CB-00C04FD64497}
- Added Registry Data:
  Key: HKCU\%CURRENTVERSIONREG%\Run Value: [RANDOM VALUE] Data: ndrv
- Added Registry Data:
  Key: HKCU\%CURRENTVERSIONREG%\Run Value: [RANDOM VALUE] Data: ?
- Added Registry Data:
  Key: HKCU\%CURRENTVERSIONREG%\Run Value: [RANDOM VALUE] Data: Emdo
- Added Registry Data:
  Key: HKU\S-1*\%CURRENTVERSIONREG%\Run Value: [RANDOM VALUE] Data: ?

