Troj/Mdrop-ELD

Category:	Viruses and Spyware	Protection available since:	15 Aug 2012 20:39:47 (GMT)
Type:	Trojan	Last Updated:	16 Aug 2012 11:28:52 (GMT)
Prevalence:

Download our free Virus Removal Tool - Find and remove threats your antivirus missed

Examples of Troj/Mdrop-ELD include:

Example 1

File Information

Size: 966K
SHA-1: 502920a97e01c2d022ac401601a311818f336542
MD5: d214c717a357fe3a455610b197c390aa
CRC-32: 2468b2cc
File type: Windows executable
First seen: 2007-05-30

Other vendor detection

Kaspersky: HEUR:Trojan.Win32.Generic

Runtime Analysis

Registry Keys Created

HKLM\SYSTEM\CurrentControlSet\Services\TrkSvr\Security
Security
□□□@□□□□□□□□□□□□□□@□□□□□□□□□□□ □□□□□□□□□□□ □□@□□□□□□□□□□□□□□□□□□□□□□□□□□ □□□□□@□□□□□□□□@□□□□□ □□□□□□□□□□□□□□ □□□□□□□□□□□□□□□□□□□□□□□□□□□□□□□□□□□□□□□□□□□□@□□□□□ □□□□□□□□□□□□□□□□□□□□□□□□□□□□□ □□□□□□□□□□□□□□□□□□□□0□□□□□□□□□□□□□□□□□ □□□□□□□□□□□□□□□□□ □□□□□
HKLM\SYSTEM\CurrentControlSet\Services\TrkSvr\Enum
NextInstance
0x00000001
HKLM\SYSTEM\CurrentControlSet\Services\lanmanworkstation
DependOnGroup
□
HKLM\SYSTEM\CurrentControlSet\Services\TrkSvr
Description
Enables the Distributed Link Tracking Client service within the same domain to provide more reliable and efficient maintenance of links within the domain. If this service is disabled, any services that explicitly depend on it will fail to start.

Processes Created

c:\windows\system32\trksvr.exe

Example 2

File Information

Size: 966K
SHA-1: 7c0dc6a8f4d2d762a07a523f19b7acd2258f7ecc
MD5: b14299fd4d1cbfb4cc7486d978398214
CRC-32: 1357a484
File type: Windows executable
First seen: 2012-08-15

Other vendor detection

Kaspersky: HEUR:Trojan.Win32.Generic

Runtime Analysis

Copies Itself To

C:\WINDOWS\system32\trksvr.exe

Registry Keys Created

HKLM\SYSTEM\CurrentControlSet\Services\TrkSvr\Enum
NextInstance
0x00000001
HKLM\SYSTEM\CurrentControlSet\Services\TrkSvr\Security
Security
□□□@□□□□□□□□□□□□□□@□□□□□□□□□□□ □□□□□□□□□□□ □□@□□□□□□□□□□□□□□□□□□□□□□□□□□ □□□□□@□□□□□□□□@□□□□□ □□□□□□□□□□□□□□ □□□□□□□□□□□□□□□□□□□□□□□□□□□□□□□□□□□□□□□□□□□□@□□□□□ □□□□□□□□□□□□□□□□□□□□□□□□□□□□□ □□□□□□□□□□□□□□□□□□□□0□□□□□□□□□□□□□□□□□ □□□□□□□□□□□□□□□□□ □□□□□
HKLM\SYSTEM\CurrentControlSet\Services\TrkSvr
Description
Enables the Distributed Link Tracking Client service within the same domain to provide more reliable and efficient maintenance of links within the domain. If this service is disabled, any services that explicitly depend on it will fail to start.
HKLM\SYSTEM\CurrentControlSet\Services\lanmanworkstation
DependOnGroup
□

Processes Created

c:\windows\system32\trksvr.exe

Try Sophos products for free
Download now

Security Goals

INDUSTRIES & SECTORS

COMPANY SIZE

PRODUCT FEATURES

CASE STUDIES

Company Overview

Our People

INNOVATIVE TECHNOLOGY

ALERT SERVICES

Product Features

Product Families

Complete Security

PRODUCTS BY NAME

Free Tools

Next Steps

RESOURCES

FIND AN ANSWER

Support by Product

Maintain your Product

Hire an Expert

WHAT'S POPULAR

THREAT ANALYSIS

THREAT STATISTICS

WHAT'S POPULAR

Threat Definitions

THREAT MONITORING

SECURITY HUBS

LIBRARY

Whats Popular

WHAT'S NEW

Community

IT SECURITY TRAINING

ANATOMY OF AN ATTACK

RESELLER PARTNERS

Managed Service Providers

SYSTEM INTEGRATORS

OEM and Technology

WHAT'S POPULAR

Troj/Mdrop-ELD

Example 1

File Information

Other vendor detection

Runtime Analysis

Registry Keys Created

Processes Created

Example 2

File Information

Other vendor detection

Runtime Analysis

Copies Itself To

Registry Keys Created

Processes Created

Free Mac Anti-Virus

Popular topics