Troj/ConHook-B is a Trojan for the Windows platform.
The Trojan attempts to download and run further malicious code without the user's knowledge.
Troj/ConHook-B drops the component REQ.DLL in the Windows system folder.
The following registry entries are created to run code exported by req.dll on startup:
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\req\
DllName =
<system>\req.dll
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\req\
Impersonate =
0
The dropped file req.dll is registered as a COM object and Browser Helper Object (BHO) for Microsoft Internet Explorer, creating registry entries under:
HKCR\CLSID\[1C044AAD-7955-4CBD-8175-501A165C4E5D]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\[1C044AAD-7955-4CBD-8175-501A165C4E5D]