Troj/Digits-B

Category: Viruses and Spyware
Protection available since: 26 Jan 2004 00:00:00 (GMT)
Type: Trojan
Last Updated: 26 Jan 2004 00:00:00 (GMT)
Prevalence: Small Number of Reports


Troj/Digits-B may be present in any folder under any of the following filenames:

iexplorer.exe
explore.exe
exploreer.exe
sistem.exe
systeem.exe
critical.exe
directx.exe
internet.exe
window.exe
winmgnt.exe
clrssn.exe
splorer32.exe
win32e.exe
inetinf.exe
directx32.exe
uninstall.exe
time.exe
volume.exe
autorun.exe
user32.exe

The Trojan's filename changes after each execution, and the file referenced by the following startup entries, which it creates in the registry, changes with it:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\coolwebprogram = <filename>

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\coolwebprogram = <filename>

The following Internet Explorer registry entries will be changed so that IE features such as the startup and search pages point to smartsearch.ws:

HKLM\Software\Microsoft\Internet Explorer\Main\Search Bar
HKLM\Software\Microsoft\Internet Explorer\Main\Search Page
HKLM\Software\Microsoft\Internet Explorer\Main\Start Page
HKLM\Software\Microsoft\Internet Explorer\Search\SearchAssistant

Several entries will be added to Internet Explorer's favourites list, all of which point to smartsearch.ws.

Troj/Digits-B will periodically attempt to update itself over the internet.

The local hosts file will be changed so that a number of URLs will point to the same web address.
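
The registry changes described above can be checked for in a text registry export. The following is an added example, not part of the original description or any Sophos tool: it matches on the fixed value name coolwebprogram rather than the filename, because the filename changes on each execution. The function name, the sample export, the file path and the URL form in it are constructed for illustration.

```python
import re

# Indicators taken from the description above.
RUN_VALUE = "coolwebprogram"
HIJACK_DOMAIN = "smartsearch.ws"
RUN_KEYS = {
    r"hkey_local_machine\software\microsoft\windows\currentversion\run",
    r"hkey_current_user\software\microsoft\windows\currentversion\run",
}
IE_MAIN = r"hkey_local_machine\software\microsoft\internet explorer\main"
IE_VALUES = {
    (IE_MAIN, "search bar"), (IE_MAIN, "search page"), (IE_MAIN, "start page"),
    (r"hkey_local_machine\software\microsoft\internet explorer\search", "searchassistant"),
}
# A string value line in .reg format: "name"="data", with \ and " escaped.
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"\s*$')

# Constructed sample export (not from a real host). Real exports are
# usually UTF-16; decode the file before passing its text in.
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"coolwebprogram"="C:\\WINDOWS\\sistem.exe"
"ExampleApp"="example.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Start Page"="http://smartsearch.ws/"
"Search Page"="http://www.example.com/search"
'''

def unescape(s):
    """Undo .reg string escaping (\\\\ -> \\, \\" -> ")."""
    return re.sub(r"\\(.)", r"\1", s)

def scan_reg_export(text):
    """Return (kind, key, value_name, data) for each matching entry."""
    findings, key = [], None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]          # start of a new key section
            continue
        m = VALUE_RE.match(line)
        if not m or key is None:
            continue
        name, data = unescape(m.group(1)), unescape(m.group(2))
        k, n = key.lower(), name.lower()   # registry names are case-insensitive
        if k in RUN_KEYS and n == RUN_VALUE:
            findings.append(("autostart", key, name, data))
        elif (k, n) in IE_VALUES and HIJACK_DOMAIN in data.lower():
            findings.append(("ie-hijack", key, name, data))
    return findings
```

The data of an "autostart" finding gives the file the Run entry currently references.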
