Threat Information for "Trojan.Proxy.1082"
| Summary | Top |
- Name: Trojan.Proxy.1082
- Aliases:
- Date Discovered: 2006-12-05
- Protection Added: 2006-12-11
| Description | Top |
-- Ease of Removal 1: Uses running processes 2: Runs as a service 3: Creates new registry entries with consistent data 4: Consistent file contents 5: Consistently named -- Privacy Risks/Security Changes 1: Mimics legitimate file names -- Damage/Intrusion/Annoyance 1: Creates new files 2: Changes browser search settings 3: Changes personal browser settings -- Propagation/Saturation 1: Installed by other infections 2: Infects from a link in an email 3: Infects from embedded code in an email
| Technical Details | Top |
- Added Directory/File:
FilePath: %WINDIR%\system\svchostw.dll - Added Directory/File:
FilePath: %WINDIR%\system\svchctrl.dll - Added Directory/File:
FilePath: %WINDIR%\system\svchostw.exe - Added Directory/File:
FilePath: %WINDIR%\system\svchctrl.exe - Added Registry Key:
Key: HKLM\%CURRENTVERSIONREG%\ShellBot - Added Registry Value:
Key: HKLM\%CURRENTVERSIONREG%\Run Value: svchctrl - Added Registry Value:
Key: HKLM\%CURRENTVERSIONREG%\Run Value: WindowsUpdate - Added Registry Value:
Key: HKCU\%CURRENTVERSIONREG%\Run Value: svchctrl - Added Registry Value:
Key: HKU\S-*\%CURRENTVERSIONREG%\Run Value: svchctrl
