Troj/Goldun-BX

Category: Viruses and Spyware
Protection available since: 20 Feb 2006 00:00:00 (GMT)
Type: Trojan
Last Updated: 20 Feb 2006 00:00:00 (GMT)
Prevalence: Small Number of Reports


Troj/Goldun-BX is a Trojan for the Windows platform.

The Trojan attempts to steal login details and block access to anti-virus related web and FTP sites.

When Troj/Goldun-BX is installed, the following files are created:

<Windows system folder>\directout.sys
<Windows system folder>\directut.dll

The file directout.sys is detected as Troj/Haxdor-Gen and the file directut.dll is detected as Troj/Goldun-BX.

The following registry entries are created to run code exported by directut.dll on startup:

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\directut
    DllName = directut.dll
    Startup = directut
    Impersonate = 1
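To check a host or a forensic image for the registry entries listed above, the Winlogon Notify key can be exported and parsed offline. The following is an added example, not Sophos code: it parses `reg export` text, lists every Notify package with its DLL, and flags the ones matching this description. The sample export, the `examplepkg` entry, the value types and all function names are constructed for illustration.

```python
import re

# Indicators from the description above: Notify subkey name and the DLL it loads.
IOC_SUBKEY, IOC_DLL = "directut", "directut.dll"
NOTIFY = r"hkey_local_machine\software\microsoft\windows nt\currentversion\winlogon\notify" + "\\"

# Constructed sample in `reg export` text form (value types are an assumption).
SAMPLE = r'''Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\examplepkg]
"DllName"=hex(2):65,00,78,00,61,00,6d,00,70,00,6c,00,65,00,2e,00,64,00,6c,00,\
  6c,00,00,00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\directut]
"DllName"="directut.dll"
"Startup"="directut"
"Impersonate"=dword:00000001
'''

def decode_value(raw):
    """Decode the right-hand side of one .reg value line."""
    if raw.startswith('"'):                       # REG_SZ, with \\ and \" escapes
        return re.sub(r"\\(.)", r"\1", raw[1:-1])
    if raw.startswith("dword:"):
        return int(raw[6:], 16)
    if m := re.match(r"hex\([127]\):(.*)$", raw):  # string types dumped as UTF-16LE
        data = bytes(int(b, 16) for b in m.group(1).split(",") if b.strip())
        return data.decode("utf-16-le", "replace").rstrip("\x00")
    return raw

def parse_reg(text):
    """Return {key_path: {value_name: value}} from `reg export` text."""
    text = re.sub(r"\\\r?\n\s*", "", text)        # join hex continuation lines
    keys, current = {}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1], {})
        elif current is not None and (m := re.match(r'"((?:[^"\\]|\\.)*)"=(.*)$', line)):
            current[m.group(1)] = decode_value(m.group(2))
    return keys

def notify_packages(keys):
    """List (subkey, DllName, matches_description) per Winlogon Notify package."""
    out = []
    for path, values in keys.items():
        sub, dll = path[len(NOTIFY):], str(values.get("DllName", ""))
        if path.lower().startswith(NOTIFY) and "\\" not in sub:
            base = re.split(r"[\\/]", dll.lower())[-1]   # file name without path
            out.append((sub, dll, sub.lower() == IOC_SUBKEY or base == IOC_DLL))
    return out
```

`reg export` writes UTF-16 text, so read a real export with `encoding="utf-16"` before passing it to `parse_reg`. Entries that do not match are still worth reviewing, since any DLL registered under this key is loaded by Winlogon.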
