Troj/Buzus-AD is a Trojan for the Windows platform.
Troj/Buzus-AD includes functionality to access the internet and communicate with a remote server via HTTP.
When first run, Troj/Buzus-AD copies itself to:
<System>\xccef090131.exe
<System>\inf\xccefb090131.scr
and creates the following files:
<System>\inf\xccdfb16_090131.dll
<Windows>\xccdf16_090131a.dll
<Windows>\xccdf32_090131a.dll
<Windows>\xccwinsys.ini
The files xccdf16_090131a.dll and xccdfb16_090131.dll are detected as Mal/Pophot-A and the file xccdf32_090131a.dll is detected as Mal/Behav-024.
Troj/Buzus-AD also copies the legitimate Windows system file rundll32.exe to:
<System>\inf\rundll33.exe
The following registry entry is created to run xccdf16_090131a.dll on startup:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run
xccinit
<System>\inf\rundll33.exe <Windows>\xccdf16_090131a.dll xccd16
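As an added example (not part of the Sophos description), the following Python check parses a constructed .reg export of the policies\Explorer\run key and flags the startup value described above; the concrete paths under C:\WINDOWS are assumed expansions of <Windows> and <System>.

```python
import re

# Constructed sample in the style of
# `reg export HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run`
# (the second value is a benign entry added for contrast)
SAMPLE_REG_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run]
"xccinit"="C:\\WINDOWS\\system32\\inf\\rundll33.exe C:\\WINDOWS\\xccdf16_090131a.dll xccd16"
"Updater"="C:\\Program Files\\Vendor\\updater.exe /background"
'''

POLICY_RUN_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run"

# Indicators taken from the Troj/Buzus-AD description: a renamed copy of
# rundll32.exe and the dropped xccdf*.dll it loads (compared case-insensitively)
SUSPICIOUS_BINARY = "rundll33.exe"
SUSPICIOUS_DLL_PREFIX = "xccdf"


def parse_reg_export(text):
    r"""Return {key_path: {value_name: data}} for the string values in a .reg export."""
    result = {}
    current = None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            result.setdefault(current, {})
        elif current is not None and line.startswith('"'):
            m = re.match(r'"([^"]+)"="(.*)"$', line)
            if m:
                # .reg exports escape each backslash as "\\"; undo that
                result[current][m.group(1)] = m.group(2).replace("\\\\", "\\")
    return result


def find_buzus_persistence(text):
    r"""Return [(value_name, command)] for policies\Explorer\run values matching the indicators."""
    hits = []
    for name, command in parse_reg_export(text).get(POLICY_RUN_KEY, {}).items():
        lowered = command.lower()
        if SUSPICIOUS_BINARY in lowered and SUSPICIOUS_DLL_PREFIX in lowered:
            hits.append((name, command))
    return hits


if __name__ == "__main__":
    for name, command in find_buzus_persistence(SAMPLE_REG_EXPORT):
        print(f"suspicious policies\\Explorer\\run value {name!r}: {command}")
```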
Troj/Buzus-AD changes settings for Microsoft Internet Explorer by modifying values under:
HKCU\Software\Microsoft\Internet Explorer\Main\