Troj/Ciadoor-CB

Category: Viruses and Spyware Protection available since:11 May 2006 00:00:00 (GMT)
Type: Trojan Last Updated:11 May 2006 00:00:00 (GMT)
Prevalence: No Reports

Download Download our free Virus Removal Tool - Find and remove threats your antivirus missed

Troj/Ciadoor-CB is a Trojan for the Windows platform.

When first run Troj/Ciadoor-CB copies itself to <System>\AlVXIlNdgm.ini and creates the following files:

<System>\del32.bat - this file may be deleted
<System>\wsock32.sys - detected as Troj/Ciadoor-CB

The file wsock32.sys is registered as a COM object and Browser Helper Object (BHO) for Microsoft Internet Explorer, creating registry entries under:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\
Browser Helper Objects\(E14DCE67-8FB7-4721-8149-179BAA4D792C)

HKCR\CLSID\(E14DCE67-8FB7-4721-8149-179BAA4D792C)

HKCR\Interface\(0958C4C9-77B0-4AA8-9364-7886BFCA7E39)

HKCR\N.Cs4\

HKCR\TypeLib\(C9F1C5A0-F3D8-48E2-8B8C-3E86B4CAC7E3)

The following registry entry is set:

HKCU\Software\VB and VBA Program Settings\set\set
set
AlVXIlNdgm.ini

download Try Sophos products for free
Download now

© 1997 - 2012 Sophos Ltd. All rights reserved. Legal Privacy