Threat Information for "Trojan.ProAgent.21"
| Summary | Top |
- Name: Trojan.ProAgent.21
- Aliases:
- Date Discovered: 2007-10-27
- Protection Added: 2007-10-29
| Description | Top |
-- Ease of Removal 1: Uses running processes 2: Consistently named 3: Consistent file contents 4: Creates new registry entries with consistent data -- Privacy Risks/Security Changes 1: Mimics legitimate file names -- Damage/Intrusion/Annoyance 1: Creates new files -- Propagation/Saturation 1: Spreads through Peer-2-Peer software
| Technical Details | Top |
- Added Directory/File:
FilePath: %ROOTDRIVE%Omerta - Added Directory/File:
FilePath: %WINDIR%\qservice.exe - Added Directory/File:
FilePath: %ROOTDRIVE%Omerta\*.bat - Added Directory/File:
FilePath: %SYSTEMDIR%\drivers\KeenSense.sys - Added Directory/File:
FilePath: %WINDIR%\target.exe - Added Directory/File:
FilePath: %USERDESKTOP%\Omerta.lnk - Added Directory/File:
FilePath: %WINDIR%\k_urlmon.dll - Added Directory/File:
FilePath: %ROOTDRIVE%Omerta\*.scr - Added Directory/File:
FilePath: %SYSTEMDIR%\drivers\ksdevice.sys - Added Directory/File:
FilePath: %TEMPDIR%\*.htm - Added Directory/File:
FilePath: %WINDIR%\kurlmon.dll - Added Directory/File:
FilePath: %WINDIR%\services.dll - Added Registry Value:
Key: HKCU\Software\Microsoft\Windows Value: pPid - Added Registry Value:
Key: HKCU\Software\Microsoft\Windows Value: pVer - Added Registry Value:
Key: HKCU\%CURRENTVERSIONREG%\Run Value: qservices - Added Registry Value:
Key: HKCU\Software\Microsoft\Windows Value: qservices - Added Registry Data:
Key: HKCU\%CURRENTVERSIONREG%\Run Value: [RANDOM VALUE] Data: %WINDIR%\qservice.exe
