Troj/Banworm-H

Category:	Viruses and Spyware	Protection available since:	15 Sep 2006 00:00:00 (GMT)
Type:	Trojan	Last Updated:	15 Sep 2006 00:00:00 (GMT)
Prevalence:

Download our free Virus Removal Tool - Find and remove threats your antivirus missed

Troj/Banworm-H is a Trojan for the Windows platform.

Troj/Banworm-H includes functionality to:

- access the internet and communicate with a remote server via HTTP
- steal information

Troj/Banworm-H may modify the HOSTS file which maps the URLs of selected websites to a loopback IP address or to its own IP addresses, in order to prevent access to certain sites and to control/hijack browsing. By this technique Troj/Banworm-H tries to block access to several security related sites and hijack a number of banking related sites.

When Troj/Banworm-H is installed the following files are created:

<Windows>\tmp.log
<Windows>\uid.id

These files can be safely removed.

Registry entries are set as follows:

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32net
DllName
crypt32net.dll

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32net
Logon
ChainWlxLogoffEvent

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32net
Asynchronous
1

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32net
Impersonate
0

Try Sophos products for free
Download now

Troj/Banworm-H

Free Mac Anti-Virus

Popular topics