Troj/Dloader-EW is a downloader Trojan for the Windows platform.
In order to hide its activity and bypass firewalls, Troj/Dloader-EW will inject downloading code into the following processes:
iexplore.exe
opera.exe
myie.exe
mozilla.exe
Under Windows NT-based systems (NT, 2000, XP), Troj/Dloader-EW has the ability to set the following registry entries in order to run automatically on system startup:
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\iexplore
    DllName = <path to Trojan DLL>
    Startup = expF4
    Impersonate = 1
    Asynchronous = 1
    MaxWait = 1
Under Win9x (95, 98, ME) systems, Troj/Dloader-EW has the ability to set the following registry entries in order to run automatically on system startup:
HKLM\System\CurrentControlSet\Control\MPRServices\TestService
    DllName = <path to Trojan DLL>
    EntryPoint = expF4
    StackSize = <Number>
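A check for the startup entries listed above, as an added example (not code from the original description): it parses text in the layout printed by `reg query <key> /s` and reports any key that matches the listed key name and expF4 export, along with the DllName to examine. The sample output, its value types and the DLL paths are constructed for illustration.

```python
import re

# Indicators taken from the description above: (key suffix, value name, data).
INDICATORS = [
    (r"\winlogon\notify\iexplore", "startup", "expf4"),
    (r"\control\mprservices\testservice", "entrypoint", "expf4"),
]

# A value line: indented name, REG_* type, then data (tab or space separated).
VALUE_LINE = re.compile(r"^\s+(.+?)\s+(REG_\w+)\s+(.*)$")

def parse_reg_query(text):
    """Parse `reg query <key> /s` style output into {key_path: {value_name: data}}."""
    keys, current = {}, None
    for line in text.splitlines():
        if line.upper().startswith(("HKEY_", "HKLM\\")):
            current = keys.setdefault(line.strip(), {})
        elif current is not None:
            m = VALUE_LINE.match(line)
            if m:
                current[m.group(1).lower()] = m.group(3).strip()
    return keys

def find_dloader_ew(text):
    """Return (key, dll_path) for every key matching a listed indicator."""
    hits = []
    for key, values in parse_reg_query(text).items():
        for suffix, name, data in INDICATORS:
            if key.lower().endswith(suffix) and values.get(name, "").lower() == data:
                hits.append((key, values.get("dllname", "<DllName missing>")))
    return hits

# Constructed sample: one unrelated package (hypothetical) and one matching entry.
SAMPLE = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SamplePackage
    DllName    REG_SZ    sample.dll
    Logoff    REG_SZ    SampleLogoffHandler

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\iexplore
    DllName    REG_SZ    C:\WINDOWS\system32\example.dll
    Startup    REG_SZ    expF4
    Impersonate    REG_DWORD    0x1
    Asynchronous    REG_DWORD    0x1
    MaxWait    REG_DWORD    0x1
"""

if __name__ == "__main__":
    for key, dll in find_dloader_ew(SAMPLE):
        print(f"match: {key}\n  DLL to examine: {dll}")
```

The DLL path returned for a match is the file to collect and scan; the key name alone is not proof, since the match rests on the key name and export name given in the description.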