Troj/Comhush-A

Category: Viruses and Spyware
Type: Trojan
Prevalence: No Reports


Troj/Comhush-A is a Trojan for the Windows platform.

Troj/Comhush-A includes functionality to access the internet and communicate with a remote server via HTTP.

Troj/Comhush-A attempts to steal CD keys relating to a number of online games.

When first run, Troj/Comhush-A copies itself to <Windows>\smss.exe and creates the file <Temp>\27724.txt.

The file <Windows>\smss.exe is registered as a new system driver service named "apman", with a display name of "Application Management Browser" and a startup type of automatic, so that it is started automatically during system startup. Registry entries are created under:

HKLM\SYSTEM\CurrentControlSet\Services\apman\

Registry entries are set as follows:

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList
SUPPORT_x86
0

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies
DontDisplayLastUserName
1

HKLM\SOFTWARE\Microsoft\Ole
EnableDCOM
N

HKLM\SYSTEM\CurrentControlSet\Control\Lsa
restrictanonymous
1
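
A read-only host triage check built from the indicators listed above, as an added example (not Sophos code). Resolving <Temp> through the current account's TEMP variable and treating the four registry values as weak signals are assumptions of this example.

```powershell
# Added triage example. Indicator names and values are copied from the
# description above; the strong/weak split is this example's assumption.
$strong = @()
$weak   = @()

# Dropped copy. The genuine Windows smss.exe lives in System32, so a file of
# that name directly under <Windows> is worth examining.
$dropped = Join-Path $env:windir 'smss.exe'
if (Test-Path -LiteralPath $dropped -PathType Leaf) {
    $hash = (Get-FileHash -LiteralPath $dropped -Algorithm SHA256 -ErrorAction SilentlyContinue).Hash
    $strong += "File present: $dropped (SHA256 $hash)"
}

# Marker file. <Temp> is resolved for the current account only (assumption).
$marker = Join-Path $env:TEMP '27724.txt'
if (Test-Path -LiteralPath $marker -PathType Leaf) { $strong += "File present: $marker" }

# Service key created for persistence.
$svcKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\apman'
if (Test-Path -LiteralPath $svcKey) {
    $svc = Get-ItemProperty -LiteralPath $svcKey
    $strong += "Service key apman: DisplayName='$($svc.DisplayName)' ImagePath='$($svc.ImagePath)' Start=$($svc.Start)"
}

# Registry values. Some of these are also set by ordinary hardening
# baselines, so a match here is only supporting evidence.
$values = @(
    @{ Key = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList'; Name = 'SUPPORT_x86'; Data = '0' },
    @{ Key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\policies'; Name = 'DontDisplayLastUserName'; Data = '1' },
    @{ Key = 'HKLM:\SOFTWARE\Microsoft\Ole'; Name = 'EnableDCOM'; Data = 'N' },
    @{ Key = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'; Name = 'restrictanonymous'; Data = '1' }
)
foreach ($v in $values) {
    $item = Get-ItemProperty -LiteralPath $v.Key -Name $v.Name -ErrorAction SilentlyContinue
    if ($null -ne $item -and "$($item.($v.Name))" -eq $v.Data) {
        $weak += "$($v.Key)\$($v.Name) = $($v.Data)"
    }
}

# Report, and exit non-zero only when a file or service indicator was found.
$strong | ForEach-Object { Write-Output "[strong] $_" }
$weak   | ForEach-Object { Write-Output "[weak]   $_" }
if ($strong.Count -gt 0) { exit 1 } else { exit 0 }
```

Run it from an elevated PowerShell session so the service key and file are readable.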
