Threat Information for "Win32.HLLW.Pytica"
| Summary | Top |
- Name: Win32.HLLW.Pytica
- Aliases:
- Date Discovered: 2007-03-07
- Protection Added: 2007-03-13
| Description | Top |
-- Ease of Removal 1: Creates new registry entries with consistent data 2: Consistent file contents 3: Consistently named 4: Uses running processes -- Privacy Risks/Security Changes 1: Opens backdoors 2: Mimics legitimate file names -- Damage/Intrusion/Annoyance 1: Autoruns at startup without an option to be disabled 2: Creates new files -- Propagation/Saturation 1: Installed by other infections 2: Infects from an email attachment 3: Infects from a link in an email 4: Infects through Internet Relay Chat (IRC)
| Technical Details | Top |
- Added Directory/File:
FilePath: %SYSTEMDIR%\taskkill.com FileSize: 2 - Added Directory/File:
FilePath: %SYSTEMDIR%\winlogon.exe MD5: 51c08480dae645af3796e62b4e534231 - Added Directory/File:
FilePath: %SYSTEMDIR%\netstat.com FileSize: 2 - Added Registry Value:
Key: HKLM\%CURRENTVERSIONREG%\Run Value: winlogon - Added Registry Value:
Key: HKCU\%CURRENTVERSIONREG%\Run Value: winlogon
