Threat Information for "Trojan.Proxy.1052"

Removal Top

StopSign will automatically remove this infection with a paid membership.

Summary Top
  • Name: Trojan.Proxy.1052
  • Aliases:
  • Date Discovered: 2006-11-03
  • Protection Added: 2006-11-10
Description Top 
-- Ease of Removal

1: Consistent file contents
2: Runs as a service
3: Uses redundant/watcher processes
4: Uses running processes
5: File names randomly generated from a hard-coded list
6: Creates new registry entries randomly from a hard-coded list

-- Damage/Intrusion/Annoyance

1: Changes personal browser settings
2: Significantly slows down the computer
3: Creates new files
4: Autoruns at startup without an option to be disabled
5: Downloads other threats

-- Propagation/Saturation

1: Spreads to other computers on the same network
2: Infects through a blind IP address attack
Technical Details Top
  • Added Directory/File:
    FilePath: %SYSTEMDIR%\inistone.ini
  • Added Registry Value:
    Key: HKU\S-1*\%CURRENTVERSIONREG%\Run Value: stonedrv
  • Added Registry Value:
    Key: HKLM\%CURRENTVERSIONREG%\RunServices Value: stonedrv
  • Added Registry Value:
    Key: HKLM\%CURRENTVERSIONREG%\Run Value: stonedrv
  • Added Registry Value:
    Key: HKCU\%CURRENTVERSIONREG%\Run Value: stonedrv