Troj/Bypass-E

Category: Viruses and Spyware
Protection available since: 29 Dec 2008 02:09:10 (GMT)
Type: Trojan
Last Updated: 29 Dec 2008 02:09:10 (GMT)
Prevalence: Small Number of Reports


Troj/Bypass-E is a Trojan for the Windows platform.

When run, Troj/Bypass-E creates the file <System>\<random characters>.dll (detected as Troj/Virtum-Gen).

Troj/Bypass-E subsequently registers the DLL as a Browser Helper Object (BHO), creating registry entries under:

HKCR\CLSID\{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}\InprocServer32

and setting the following registry entries:

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\<random characters>
Asynchronous
1

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\<random characters>
DllName
<random characters>.dll

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\<random characters>
Impersonate
0

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\<random characters>
Logoff
f

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\<random characters>
Logon
o

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}
<blank>
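
An added example, not part of the original analysis and not Sophos code: a Python triage script that scans the text of a `reg export` for the entries listed above. The sample export, the value types (dword or string) and the names `parse_reg`, `find_indicators` and `benignpkg` are assumptions made for illustration.

```python
import re
CLSID = "{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c}"  # from the analysis, lowercased
NOTIFY = "hkey_local_machine\\software\\microsoft\\windows nt\\currentversion\\winlogon\\notify\\"
HOOKS = "hkey_local_machine\\software\\microsoft\\windows\\currentversion\\explorer\\shellexecutehooks"
INPROC = "hkey_classes_root\\clsid\\" + CLSID + "\\inprocserver32"
# Notify value data as listed above; DllName is random, so it is reported, not matched.
PROFILE = {"asynchronous": "1", "impersonate": "0", "logoff": "f", "logon": "o"}

def parse_reg(text):
    """Parse `reg export` text into {lowercased key path: {lowercased value name: data}}."""
    keys, current = {}, None
    for line in map(str.strip, text.splitlines()):
        m = re.match(r'^(@|"[^"]*")=(.*)$', line)
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].lower(), {})
        elif m and current is not None:
            data = m.group(2)
            if data.startswith("dword:"):
                data = str(int(data[6:], 16))  # dword:00000001 -> "1"
            else:
                data = data.strip('"').replace("\\\\", "\\")
            current[m.group(1).strip('"').lower()] = data
    return keys

def find_indicators(text):
    """Return sorted (indicator, key path, detail) tuples for entries matching the analysis."""
    hits = []
    for path, vals in parse_reg(text).items():
        if path.startswith(NOTIFY) and all(vals.get(k) == v for k, v in PROFILE.items()):
            hits.append(("winlogon-notify", path, vals.get("dllname", "")))
        elif path == HOOKS and CLSID in vals:
            hits.append(("shell-execute-hook", path, CLSID))
        elif path == INPROC:
            hits.append(("clsid-inprocserver32", path, vals.get("@", "")))
    return sorted(hits)

# Constructed sample export; the value types and the "benignpkg" entry are assumptions.
SAMPLE = r'''
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\qwxzrtyp]
"Asynchronous"=dword:00000001
"DllName"="qwxzrtyp.dll"
"Impersonate"=dword:00000000
"Logoff"="f"
"Logon"="o"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\benignpkg]
"DllName"="benign.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}"=""
'''
print(find_indicators(SAMPLE))
```

`reg export` writes UTF-16 text, so decode the file before passing its contents to `find_indicators`. Because the Notify subkey and DLL names are random, the match relies on the value profile and the CLSID rather than on any name.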
