Threat Information for "Trojan.Protect"

Removal

Summary

Description

Technical Details

Removal

Top

StopSign will automatically remove this infection with a paid membership.

Summary

Top

Name: Trojan.Protect
Aliases:
Date Discovered: 2007-09-29
Protection Added: 2007-10-08

Description

Top

-- Ease of Removal

1: Runs as a BHO or shell extension
2: Injects DLLs into running processes
3: Consistently named
4: Consistent file contents
5: Creates new registry entries with consistent data

-- Damage/Intrusion/Annoyance

1: Creates new files

-- Propagation/Saturation

1: Infects with other exploitation method

Technical Details

Top

Added Directory/File:
FilePath: *.dll MD5: 3b9bc943b8b58b035fabf18660ff65f1
Added Directory/File:
FilePath: %USERDESKTOP%\*.url FileSize: 226
Added Directory/File:
FilePath: %USERDESKTOP%\msqnx.dll*
Added Directory/File:
FilePath: %COMMONDESKTOP%\*.url FileSize: 226
Added Registry Value:
Key: HKLM\%CURRENTVERSIONREG%\ShellServiceObjectDelayLoad Value: msqnx
Added Registry Data:
Key: HKLM\SOFTWARE\Classes\CLSID\*\InProcServer32 Value: [RANDOM VALUE] Data: %WINDIR%\msqnx.dll
Added Registry Data:
Key: HKCR\CLSID\*\InProcServer32 Value: [RANDOM VALUE] Data: %WINDIR%\msqnx.dll

Membership
Products
- StopSign
- System Requirements
Downloads
Support
- FAQ
- Getting Started
- Helpfiles
- Library
Company
- Press
  - Software Requests
- Investors
- Careers
  - Listings
- Partners
  - Computer Repair Shop
- Trademarks
- Privacy
- Legal
  - EULA
  - T4C Terms
- Terms Of Use
Contact
- Survey
Research
- Search
- Glossary
- Whitepapers
  - Antivirus
  - Firewall
  - Phishing
  - Spyware
- Submit Sample
Sitemap