Thursday, July 26, 2012

Trojan (003ab71d1)


Overview
Date Discovered: 6-Jul-12 12:07:00
Added DAT Info: 9.142.7000
Threat assessment: Low
Virus Type: Trojan
Affected OS: Windows Vista, Windows XP, Windows 2003 Server, Windows 2000
Length: 49664
Aliases: Trojan.Win32.Jorik.Androm.ni (AVP)
Technical Information
  • Copies itself as svchost.exe in the %Documents and Settings%\All Users folder.
  • Adds the value
    SunJavaUpdateSched = %Documents and Settings%\All Users\svchost.exe
    under the key
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    in the Windows registry so that it is launched at system startup.
  • This trojan attempts to download additional malicious files onto the victim machine.
Removal Procedure
  • Update the product to the latest version.
  • Restart the system in safe mode.
  • Run a full system scan.
  • Delete all the files detected as infected with this virus.
  • Open the Windows Registry Editor.
  • Delete the value
    SunJavaUpdateSched = %Documents and Settings%\All Users\svchost.exe
    under the key
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
  • Close the Windows Registry Editor.
  • Restart the system.

Trojan-Downloader (00321d031)



Overview
Date Discovered: 9-Jul-12 12:07:00
Added DAT Info: 9.135.6547
Threat assessment: Low
Virus Type: Trojan
Affected OS: Windows Vista, Windows XP, Windows 2003 Server, Windows 2000
Length: 50688
Aliases: Trojan-Downloader.Win32.Injecter.hpx (AVP)
Technical Information
  • Copies itself as csrss.exe in the %Application Data% folder.
  • Adds the value
    Winternals = %Application Data%\csrss.exe
    under the key
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
    in the Windows registry so that it is launched at system startup.
  • This trojan attempts to download additional malicious files onto the victim machine.
Removal Procedure
  • Update the product to the latest version.
  • Restart the system in safe mode.
  • Run a full system scan.
  • Delete all the files detected as infected with this virus.
  • Open the Windows Registry Editor.
  • Delete the value
    Winternals = %Application Data%\csrss.exe
    under the key
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
  • Close the Windows Registry Editor.
  • Restart the system.
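As an added example that is not part of either advisory above, the following PowerShell script checks a host for the two Run-key values and dropped files described in both entries and, with the script's own -Remove switch, performs the registry and file deletion steps of the removal procedures. It assumes that the %ALLUSERSPROFILE% and %APPDATA% environment variables correspond to the %Documents and Settings%\All Users and %Application Data% placeholders used in the descriptions.

```powershell
# Added example, not part of the original advisories: look for the two persistence
# entries described above and optionally remove them. Run from an elevated prompt.
param([switch]$Remove)   # without -Remove the script only reports

# Indicators taken from the two entries. The dropped-file locations assume that
# %ALLUSERSPROFILE% and %APPDATA% stand for the placeholders used in the advisories.
$indicators = @(
    @{ Key  = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
       Name = 'SunJavaUpdateSched'
       File = Join-Path $env:ALLUSERSPROFILE 'svchost.exe' }
    @{ Key  = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run'
       Name = 'Winternals'
       File = Join-Path $env:APPDATA 'csrss.exe' }
)

$findings = @()
foreach ($i in $indicators) {
    $value = Get-ItemProperty -Path $i.Key -Name $i.Name -ErrorAction SilentlyContinue
    $fileExists = Test-Path -LiteralPath $i.File
    # Report if either the Run value or the dropped file is present: the genuine
    # svchost.exe and csrss.exe live in %SystemRoot%\System32, so a copy in a
    # profile folder is suspicious even after the Run value has been removed.
    if ($value -or $fileExists) {
        $data = $null
        if ($value) { $data = $value.($i.Name) }
        $findings += [pscustomobject]@{
            Key        = $i.Key
            Name       = $i.Name
            Data       = $data
            File       = $i.File
            FileExists = $fileExists
        }
    }
}

if ($findings.Count -eq 0) {
    Write-Output 'No indicators from these advisories were found.'
    return
}
$findings | Format-Table -AutoSize

if ($Remove) {
    foreach ($f in $findings) {
        if ($f.Data)       { Remove-ItemProperty -Path $f.Key -Name $f.Name -ErrorAction Stop }
        if ($f.FileExists) { Remove-Item -LiteralPath $f.File -Force -ErrorAction Stop }
    }
    Write-Output 'Indicators removed; restart the system and run a full scan.'
}
```

The script covers only the registry and file steps; the safe-mode restart and full scan from the removal procedures still apply.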