Troj/MSIL-NV

Category: Viruses and Spyware
Protection available since: 22 Mar 2014 02:31:18 (GMT)
Type: Trojan
Last Updated: 22 Mar 2014 02:31:18 (GMT)
Prevalence: Small Number of Reports


Troj/MSIL-NV exhibits the following characteristics:

File Information

File type
Windows executable

Runtime Analysis

Dropped Files
  • c:\Documents and Settings\test user\Application Data\Hyam\tumu.tmp
  • c:\Documents and Settings\test user\Application Data\Puyke\wulyi.exe
  • c:\Documents and Settings\test user\Application Data\Hyam\tumu.acl
Modified Files
  • %PROFILE%\Local Settings\Application Data\Identities\{E2564744-A8ED-497D-924B-A548B20CA034}\Microsoft\Outlook Express\Inbox.dbx
  • %PROFILE%\Local Settings\Application Data\Identities\{E2564744-A8ED-497D-924B-A548B20CA034}\Microsoft\Outlook Express\Folders.dbx
  • %PROFILE%\Local Settings\Application Data\Identities\{E2564744-A8ED-497D-924B-A548B20CA034}\Microsoft\Outlook Express\Offline.dbx
Registry Keys Created
  • HKCU\Identities
    Identity Login
    0x00098053
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    Poxoef
    "c:\Documents and Settings\test user\Application Data\Puyke\wulyi.exe"
  • HKCU\Software\Microsoft\Internet Explorer\Privacy
    CleanCookies
    0x00000000
  • HKCU\Software\Microsoft\Ocuz
    Hyyzinux
Registry Keys Modified
  • HKCU\Identities\{E2564744-A8ED-497D-924B-A548B20CA034}\Software\Microsoft\Outlook Express\5.0
    Compact Check Count
    0x00000008
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1
    1609
    0x00000000
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2
    1609
    0x00000000
  • HKCU\Software\Microsoft\Windows\CurrentVersion\UnreadMail\user@example.com
    TimeStamp
    90 c7 55 4f 47 45 cf 01
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4
    1609
    0x00000000
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0
    1609
    0x00000000
Processes Created
  • c:\Documents and Settings\test user\application data\puyke\wulyi.exe
  • c:\windows\system32\cmd.exe
DNS Requests
  • gadgetbidkenya.com
