Troj/Haxdoor-Y

Category: Viruses and Spyware
Type: Trojan
Prevalence: Small Number of Reports


Troj/Haxdoor-Y is a backdoor Trojan that provides unauthorised access to an infected system.

Troj/Haxdoor-Y attempts to use stealthing to prevent the detection and removal of its files.

When the Trojan is installed the following files may be created:

<SYSTEM>\avpx32.dll
<SYSTEM>\avpx32.sys
<SYSTEM>\avpx64.sys
<SYSTEM>\p3.ini
<SYSTEM>\qy.sys
<SYSTEM>\qz.dll
<SYSTEM>\qz.sys

The Trojan registers AVPX32.SYS as a service process AVPX32 with display name "AVPX TCP". The Trojan also registers AVPX64.SYS as a driver AVPX64 with display name "AVPX64 TCP".

The Trojan creates the following registry entries in order to run itself on startup:

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avpx32
DllName
61,76,70,78,33,32,2e,64,6c,6c,00

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avpx32
Startup
MmMapView3

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avpx32
Impersonate
1

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avpx32
Asynchronous
1

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avpx32
MaxWait
1
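
The following is an added example, not part of the original description and not vendor code: a Python script that parses a .reg-format export of the Winlogon Notify key, decodes hex-encoded values such as the DllName bytes listed above, and flags subkeys matching the DllName or Startup values on this page. The sample export, its value types, and the second "example" subkey are constructed for illustration.

```python
NOTIFY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify"
PAGE_DLL, PAGE_STARTUP = "avpx32.dll", "MmMapView3"  # values taken from the page

# Constructed sample export (value types and the second subkey are assumptions).
SAMPLE_REG = r'''Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avpx32]
"DllName"=hex:61,76,70,78,33,32,2e,64,6c,6c,00
"Startup"="MmMapView3"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001
"MaxWait"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\example]
"DllName"="example.dll"
"Startup"="ExampleStartup"
'''

def decode_value(raw):
    """Decode one .reg value: quoted string, dword:, or hex: byte list."""
    raw = raw.strip()
    if raw.startswith('"'):
        return raw.strip('"').replace("\\\\", "\\")
    if raw.startswith("dword:"):
        return int(raw[6:], 16)
    if raw.startswith("hex:"):  # comma-separated bytes; drop the trailing NUL
        return bytes.fromhex(raw[4:].replace(",", "")).rstrip(b"\x00").decode("latin-1")
    return raw

def parse_notify(reg_text):
    """Return {subkey: {value_name: value}} for subkeys of Winlogon Notify."""
    entries, current = {}, None
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith("["):
            key, current = line.strip("[]"), None
            if key.upper().startswith(NOTIFY.upper() + "\\"):
                current = entries.setdefault(key[len(NOTIFY) + 1:], {})
        elif current is not None and "=" in line:
            name, raw = line.split("=", 1)
            current[name.strip('"')] = decode_value(raw)
    return entries

def flag_haxdoor(entries):
    """List subkeys whose DllName or Startup matches the values on this page."""
    return [k for k, v in entries.items()
            if str(v.get("DllName", "")).lower() == PAGE_DLL or v.get("Startup") == PAGE_STARTUP]

if __name__ == "__main__":
    print(flag_haxdoor(parse_notify(SAMPLE_REG)))
```

Because the Trojan uses stealthing, an export taken from an offline copy of the SOFTWARE hive is a more reliable input than one produced on the running system.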
