Troj/Dloader-KS is a downloader Trojan for the Windows platform.
The Trojan will register itself as a browser helper object so that it can run whenever Internet Explorer runs.
Troj/Dloader-KS may download several files from http://rf104.com or http://75tz.com. While many of these files are executables, they are named in the form img#.gif, where # is a digit.
Many of these files have already been recognised as malware.
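A defender can check for the download behaviour described above in two places: proxy logs (requests for img#.gif on the named hosts) and files on disk (an img#.gif whose content starts with an executable header rather than a GIF signature). The following is an added example, not part of the original description; the log layout, client addresses, URL paths and subdomain matching are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit

# Hosts and file-name form come from the description above.
DOWNLOAD_HOSTS = {"rf104.com", "75tz.com"}
IMG_NAME = re.compile(r"^img\d\.gif$", re.IGNORECASE)
GIF_MAGIC = (b"GIF87a", b"GIF89a")
PE_MAGIC = b"MZ"  # DOS/PE executable header

# Constructed proxy log lines (assumed layout: time client method url status).
SAMPLE_LOG = [
    "2006-01-01T10:00:00 10.0.0.5 GET http://rf104.com/img1.gif 200",
    "2006-01-01T10:00:02 10.0.0.5 GET http://www.75tz.com/files/img7.gif 200",
    "2006-01-01T10:00:05 10.0.0.9 GET http://example.org/img1.gif 200",
    "2006-01-01T10:00:09 10.0.0.5 GET http://rf104.com/index.html 200",
]


def basename(path):
    """Last path component, accepting / or backslash separators."""
    return path.replace("\\", "/").rsplit("/", 1)[-1]


def classify(name, head):
    """Compare a file's name with its leading bytes."""
    if IMG_NAME.match(basename(name)) and head.startswith(PE_MAGIC):
        return "disguised-executable"
    if head.startswith(GIF_MAGIC):
        return "gif"
    return "other"


def suspicious_requests(log_lines):
    """Return (client, url) for img#.gif requests to the listed hosts."""
    hits = []
    for line in log_lines:
        fields = line.split()
        if len(fields) < 4:
            continue  # malformed line
        client, url = fields[1], fields[3]
        parts = urlsplit(url)
        host = (parts.hostname or "").lower()
        # Assumption: subdomains of the listed hosts are treated as matches.
        listed = any(host == h or host.endswith("." + h) for h in DOWNLOAD_HOSTS)
        if listed and IMG_NAME.match(basename(parts.path)):
            hits.append((client, url))
    return hits
```

To check a file on disk, pass its name and its first few bytes to classify(); a result of "disguised-executable" means the .gif name does not match the content.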
Troj/Dloader-KS creates the following registry entries:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\(B7AE4D20-4C94-CDD2-2CD2-2309FBB10CD0)\
@ = ""
HKCR\CLSID\(B7AE4D20-4C94-CDD2-2CD2-2309FBB10CD0)\InprocServer32\
@ = "<path to dll>"
HKCR\CLSID\(B7AE4D20-4C94-CDD2-2CD2-2309FBB10CD0)\InprocServer32\
ThreadingModel = "Apartment"