Troj/Cosiam-G

Category: Viruses and Spyware Protection available since:17 Apr 2006 00:00:00 (GMT)
Type: Trojan Last Updated:17 Apr 2006 00:00:00 (GMT)
Prevalence: Small Number of Reports

Download Download our free Virus Removal Tool - Find and remove threats your antivirus missed

Troj/Cosiam-G is a backdoor Trojan which allows a remote intruder to gain access and control over the computer.

Troj/Cosiam-G includes functionality to access the internet and communicate with a remote server via HTTP. Troj/Cosiam-G is a backdoor Trojan which allows a remote intruder to gain access and control over the computer.

Troj/Cosiam-G includes functionality to access the internet and communicate with a remote server via HTTP.

When first run Troj/Cosiam-G copies itself to <System>\eventwvr.exe and creates the file <System>\bin29a.log.

The following registry entries are created to run eventwvr.exe on startup:

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
eventwvr
<System>\eventwvr.exe

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
eventwvr
<System>\eventwvr.exe

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
eventwvr
<System>\eventwvr.exe

Registry entries are created under:

HKLM\SOFTWARE\Microsoft\

download Try Sophos products for free
Download now

© 1997 - 2012 Sophos Ltd. All rights reserved. Legal Privacy