Troj/Hearse-A

Category: Viruses and Spyware
Protection available since: 27 Mar 2006 00:00:00 (GMT)
Type: Trojan
Last Updated: 27 Mar 2006 00:00:00 (GMT)
Prevalence: Small Number of Reports

Troj/Hearse-A is a Trojan for the Windows platform.

The Trojan creates two files that are detected as members of the Haxdoor family of password-stealing Trojans.

When run, the Trojan creates the following files:

<Windows system folder>\zopenssl.dll
<Windows system folder>\zopenssld.sys

The file zopenssl.dll is detected as Troj/Haxdor-Fam and the file zopenssld.sys is detected as Troj/Haxdor-Gen.

The following registry entries are created in order to load the zopenssl.dll file each time a user logs on:

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\zopenssl
Asynchronous
dword:00000001

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\zopenssl
DllName
zopenssl.dll

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\zopenssl
Impersonate
dword:00000001

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\zopenssl
MaxWait
dword:00000001

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\zopenssl
nk48id
"[88BF38A86A50D1EAA]"

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\zopenssl
Startup
"zopenssl"
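
A triage sketch for the logon persistence listed above, added here as an example and not Sophos code: it parses a registry export (.reg text) for subkeys of Winlogon\Notify and reports any that match the zopenssl entry or whose DllName falls outside a baseline. The baseline set, the sample export and the function names are assumptions made for the illustration.

```python
import re

NOTIFY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify"
# Assumed baseline of DllName values; replace with one from a known-good build.
BASELINE_DLLS = {"crypt32.dll", "wlnotify.dll"}
PAGE_SUBKEY, PAGE_DLL = "zopenssl", "zopenssl.dll"  # indicators stated on this page
# Constructed sample in .reg export format (not captured from a real host).
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
  6c,00,00,00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\zopenssl]
"DllName"="zopenssl.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\helper]
"DllName"="C:\\Temp\\helper.dll"
'''

def parse_notify(export_text):
    """Map each direct subkey of the Notify key to its DllName (None if absent)."""
    text = re.sub(r"\\\r?\n\s*", "", export_text)  # join hex continuation lines
    prefix, found, current = NOTIFY.lower() + "\\", {}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            rest = line[1:-1][len(prefix):]
            ok = line[1:].lower().startswith(prefix) and rest and "\\" not in rest
            current = rest if ok else None
            if ok:
                found.setdefault(rest, None)
        elif current:
            m = re.match(r'"DllName"=(?:"(.*)"|hex\(2\):([0-9a-f,]*))$', line, re.I)
            if m and m.group(1) is not None:    # REG_SZ: undo .reg escaping
                found[current] = re.sub(r"\\(.)", r"\1", m.group(1))
            elif m:                             # REG_EXPAND_SZ: UTF-16LE hex bytes
                raw = bytes.fromhex(m.group(2).replace(",", ""))
                found[current] = raw.decode("utf-16-le").rstrip("\x00")
    return found

def triage(export_text):
    """Return sorted (subkey, DllName, verdict) for entries outside the baseline."""
    hits = []
    for subkey, dll in parse_notify(export_text).items():
        name = (dll or "").lower()
        if subkey.lower() == PAGE_SUBKEY or name == PAGE_DLL:
            hits.append((subkey, dll, "matches Troj/Hearse-A description"))
        elif name not in BASELINE_DLLS:
            hits.append((subkey, dll, "not in baseline"))
    return sorted(hits)
```

Exports written by regedit in the "Version 5.00" format are UTF-16LE, so decode the file before passing its text to `triage`.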