Troj/CWS-E

Category:	Viruses and Spyware
Type:	Trojan
Prevalence:

Download our free Virus Removal Tool - Find and remove threats your antivirus missed

Troj/CWS-E is a dropper Trojan for the Windows platform.

Troj/CWS-E will drop and register a DLL file named SEHLP.DLL, detected as Troj/CWS-C.

When first run, Troj/CWS-E will copy itself to the Windows system folder as CTFMON32.EXE and CSRSSU.EXE. In order to run automatically each time a user logs on, Troj/CWS-E will set the following registry entries:

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
CTFMON32
<Windows system folder>\CTFMON32.EXE

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
CSRSSU
<Windows system folder>\CSRSSU.EXE

The following registry branches will also be created:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\
Browser Helper Objects\{3BA765C2-08DB-4fe2-9279-311CA10D582A}

HKCR\SEHLP.SEDP
HKCR\SEHLP.SEDP.1
HKCR\CLSID\{3BA765C2-08DB-4fe2-9279-311CA10D582A}
HKCR\Interface\{0B6EF17E-18E5-4449-86EA-64C82D596EAE}
HKCR\Interface\{B1E68D42-02C4-465B-8368-5ED9B732E22D}
HKCR\TypeLib\{670ED4EE-ADBA-47CB-A5AD-D53A9F7C3C94}
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\WTLBAstp
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\MSMsgSvc

For further information, see Troj/CWS-C.

Try Sophos products for free
Download now

Troj/CWS-E

Free Mac Anti-Virus

Popular topics