Troj/Cimuz-Gen is a family of Trojans for the Windows platform.
Troj/Cimuz-Gen is typically installed to the Windows system folder, and a new value is created under the following registry key so that Troj/Cimuz-Gen runs on startup:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Troj/Cimuz-Gen Trojans typically install a DLL to the Windows system folder and register this DLL as a COM object and Browser Helper Object (BHO) for Microsoft Internet Explorer.
At the time of writing, the DLL name is usually of the form ipv<number>mons.dll, but the name has been known to change in some variants.
Troj/Cimuz-Gen Trojans typically alter registry entries under the following key, affecting internet security:
HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List
The following registry entry may also be set:
HKCU\Software\Microsoft\Internet Explorer\Main
Enable Browser Extensions = yes
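
A read-only triage check for the registry locations named above, as an added PowerShell example (not Sophos code). The Browser Helper Objects and CLSID\...\InprocServer32 paths are standard Windows locations that this description does not list, and matching on the ipv<number>mons.dll form will miss variants that use another name.

```powershell
# Added example: read-only triage of the registry locations in the description.
# The dll name pattern comes from the page; variants may use a different name.
$pattern = '(?i)ipv\d+mons\.dll'

function Get-RegValues([string]$Check, [string]$Path) {
    # Emit one object per value under $Path; emits nothing if the key is absent.
    $key = Get-Item -LiteralPath $Path -ErrorAction SilentlyContinue
    if ($key) {
        foreach ($name in $key.GetValueNames()) {
            [pscustomobject]@{ Check = $Check; Name = $name; Data = "$($key.GetValue($name))" }
        }
    }
}

$rows = @()

# 1. Startup persistence: values under the Run key.
$rows += @(Get-RegValues 'Run' 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run')

# 2. Applications authorized in the Windows Firewall standard profile.
$rows += @(Get-RegValues 'FirewallList' ('HKLM:\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters' +
    '\FirewallPolicy\StandardProfile\AuthorizedApplications\List'))

# 3. Browser Helper Objects, resolved to the dll each CLSID loads.
#    Assumption: standard Windows BHO and COM registration paths (not from the page).
$bhoRoot = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
foreach ($bho in @(Get-ChildItem -LiteralPath $bhoRoot -ErrorAction SilentlyContinue)) {
    $clsid = $bho.PSChildName
    $srv = Get-Item -LiteralPath "HKLM:\SOFTWARE\Classes\CLSID\$clsid\InprocServer32" -ErrorAction SilentlyContinue
    $dll = if ($srv) { "$($srv.GetValue(''))" } else { '' }
    $rows += [pscustomobject]@{ Check = 'BHO'; Name = $clsid; Data = $dll }
}

# 4. IE setting named in the description; reported for context, not proof on its own.
$ie = Get-Item -LiteralPath 'HKCU:\Software\Microsoft\Internet Explorer\Main' -ErrorAction SilentlyContinue
if ($ie) {
    $rows += [pscustomobject]@{ Check = 'IE'; Name = 'Enable Browser Extensions'
                                Data = "$($ie.GetValue('Enable Browser Extensions'))" }
}

# Flag rows whose name or data carries the dll name form; review the rest by hand.
$rows | Select-Object Check, Name, Data,
    @{ n = 'MatchesDllPattern'; e = { ("$($_.Name) $($_.Data)") -match $pattern } } |
    Sort-Object MatchesDllPattern -Descending | Format-Table -AutoSize -Wrap
```

Rows that do not match the pattern are still worth reviewing, in particular Run and firewall entries that point into the Windows system folder.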