Threat Information for "Trojan.DownLoader.2991"
| Summary | Top |
- Name: Trojan.DownLoader.2991
- Aliases:
- Date Discovered: 2006-12-06
- Protection Added: 2006-12-07
| Description | Top |
-- Ease of Removal 1: Creates new registry entries with consistent data 2: Consistent file contents 3: Consistently named 4: Uses running processes -- Privacy Risks/Security Changes 1: Mimics legitimate file names -- Damage/Intrusion/Annoyance 1: Significantly slows down the computer 2: Creates new files 3: Downloads other threats -- Propagation/Saturation 1: Infects from a link in an email 2: Infects from an email attachment 3: Installed by other infections
| Technical Details | Top |
- Added Directory/File:
FilePath: %SYSTEMDIR%\*.* MD5: bc6e9fb694c51177a22071705c1a9b43 - Added Directory/File:
FilePath: %SYSTEMDIR%\sfp.exe - Added Directory/File:
FilePath: %SYSTEMDIR%\*.* MD5: 53da800090cc045ecbb44783111ec638 - Added Registry Key:
Key: HKLM\SOFTWARE\ndwserv030104 - Added Registry Key:
Key: HKCU\%CURRENTVERSIONREG%\Internet Settings\ZoneMap\Domains\neededware.com - Added Registry Value:
Key: HKLM\%CURRENTVERSIONREG%\Run Value: sfp - Added Registry Value:
Key: HKLM\%CURRENTVERSIONREG%\policies\Explorer\Run Value: sfp
