Overview
| Date Discovered | 9-Jul-12 12:07:00 |
| Added DAT Info | 9.135.6547 |
| Threat assesment | Low |
| Virus Type | Trojan |
| Affected OS | Windows Vista Windows XP Windows 2003 Server Windows 2000 |
| Length | 50688 |
| Aliases | Trojan-Downloader.Win32.Injecter.hpx (AVP) |
Technical Information
- Copies itself as csrss.exe in the %Application Data% folder.
- Adds the value
Winternals = %Application Data%\csrss.exe
under the key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
in the Windows registry to hook system startup.
- This trojan attempts to download malicious files on the victim machine.
Removal Procedure
- Update the product to the latest version.
- Restart the system in safe mode.
- Run a full system scan.
- Delete all the files detected as infected with this virus.
- Open the Windows Registry Editor.
- Delete the value
Winternals = %Application Data%\csrss.exe
under the key
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
- Close the Windows Registry Editor.
- Restart the system.
No comments:
Post a Comment