Troj/Agent-ILJ

Category: Viruses and Spyware Protection available since:09 Dec 2008 23:55:08 (GMT)
Type: Trojan Last Updated:09 Dec 2008 23:55:08 (GMT)
Prevalence: Small Number of Reports

Download Download our free Virus Removal Tool - Find and remove threats your antivirus missed

Troj/Agent-ILJ is a Trojan for the Windows platform and is a member of the Virtumundo family of Trojans.

When run Troj/Agent-ILJ creates the files:
<System>\<file 1 with name made of random characters>.dll - detected as Troj/Agent-ILJ
<System>\<file 2 with name made of random characters>.dll - detected as Troj/Agent-ILJ
<System>\<file 3 with name made of random characters>.dll - detected as Troj/Agent-ILJ

HKCR\CLSID\{c0adb591-4670-419a-9a62-1a490056f806}\InprocServer32\
(default)
<System>\<file 1 with name made of random characters>.dll

HKCR\CLSID\{c0adb591-4670-419a-9a62-1a490056f806}\InprocServer32\
ThreadingModel
Both

HKLM\SOFTWARE\Microsoft\Security Center
UpdatesDisableNotify
1

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
LoadAppInit_DLLs
1

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
govurarope
Rundll32.exe <System>\<file 2 with name made of random characters>.dll,s

HKLM\SOFTWARE\Microsoft\nidikesa
dihiseyo

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
AppInit_DLLs
<System>\<file 3 with name made of random characters>.dll

HKLM\SYSTEM\CurrentControlSet\Services\wuauserv
Start
4

download Try Sophos products for free
Download now

© 1997 - 2012 Sophos Ltd. All rights reserved. Legal Privacy