Troj/Abox-A

Category: Viruses and Spyware
Protection available since: 02 May 2006 00:00:00 (GMT)
Type: Trojan
Last Updated: 02 May 2006 00:00:00 (GMT)
Prevalence: Small Number of Reports


Troj/Abox-A is a downloading Trojan.

The Trojan writes an FTP script to a file in the Windows temporary folder. The script is then executed, which downloads the following files to the Windows folder:

abox.exe
logon.exe
update.exe
logon.txt
abox.bup

At the time of writing, the EXE files are all detected as Troj/Abox-A while the other two files are harmless.

Troj/Abox-A creates the following registry entries so that the downloaded files are run during login:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\
ABox = "C:\\WINDOWS\\ABox.exe"

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\
WinLogon = "C:\\WINDOWS\\logon.exe"

The Trojan also creates the following key and several entries below it for its own use:

HKLM\Software\Carmen\

Troj/Abox-A may periodically transmit information about the infected computer via HTTP forms.
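As an added example (not part of the original description and not Sophos code), the sketch below checks saved `reg query` output for the registry indicators listed above: Run values that start one of the downloaded EXE files from the Windows folder, and the `HKLM\Software\Carmen` key. The function names, the `C:\WINDOWS` default and the sample text are assumptions made for illustration.

```python
import ntpath
import re

# Indicators from the description above. Matching is case-insensitive because
# the page spells the same file both "abox.exe" and "ABox.exe".
DROPPED_EXES = {"abox.exe", "logon.exe", "update.exe"}
RUN_KEY = r"hkey_local_machine\software\microsoft\windows\currentversion\run"
TROJAN_KEY = r"hkey_local_machine\software\carmen"

VALUE_RE = re.compile(r"^\s+(?P<name>.+?)\s+REG_\w+\s+(?P<data>.*)$")
EXE_RE = re.compile(r'^"?([^"]+?\.exe)', re.IGNORECASE)

def parse_reg_query(text):
    """Yield (key, value_name, data); name and data are None for a key line."""
    key = None
    for line in text.splitlines():
        if line.upper().startswith("HKEY_"):
            key = line.strip().rstrip("\\")
            yield key, None, None
        elif key and (m := VALUE_RE.match(line)):
            yield key, m["name"], m["data"].strip()

def find_indicators(text, windir=r"C:\WINDOWS"):
    """Flag Run values that start a listed EXE from the Windows folder, and the Carmen key."""
    findings = []
    for key, name, data in parse_reg_query(text):
        k = key.lower()
        if name is None:
            if k == TROJAN_KEY or k.startswith(TROJAN_KEY + "\\"):
                findings.append(("trojan-key", key, None))
        elif k == RUN_KEY and (m := EXE_RE.match(data)):
            exe = ntpath.normcase(m.group(1))
            # Name alone is weak ("update.exe" is common), so also require the Windows folder.
            if (ntpath.basename(exe) in DROPPED_EXES
                    and ntpath.dirname(exe) == ntpath.normcase(windir)):
                findings.append(("run-value", name, data))
    return findings

# Constructed sample in `reg query` output format (not captured from a real host).
SAMPLE = r"""
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    ABox    REG_SZ    C:\WINDOWS\ABox.exe
    WinLogon    REG_SZ    C:\WINDOWS\logon.exe
    VendorUpdater    REG_SZ    "C:\Program Files\Vendor\update.exe" /silent
HKEY_LOCAL_MACHINE\Software\Carmen
"""

if __name__ == "__main__":
    print(*find_indicators(SAMPLE), sep="\n")
```

A hit is a lead for follow-up scanning, since the check matches names and paths only and does not inspect file contents.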
