Troj/Mdrop-FWI

Category: Viruses and Spyware
Protection available since: 15 Mar 2014 04:02:54 (GMT)
Type: Trojan
Last Updated: 15 Mar 2014 04:02:54 (GMT)
Prevalence: Small Number of Reports


Troj/Mdrop-FWI exhibits the following characteristics:

Runtime Analysis

Dropped Files
  • c:\Documents and Settings\test user\Local Settings\Temp\RarSFX0\vsodscpl.dll
  • C:\Program Files\Common Files\Services\mcafee.lib
  • c:\Documents and Settings\test user\Local Settings\Temp\RarSFX0\main.lib
  • C:\Program Files\Common Files\Services\vsodscpl.dll
  • c:\Documents and Settings\test user\Local Settings\Temp\RarSFX0\mcafee.lib
  • C:\Program Files\Common Files\Services\main.lib
  • c:\Documents and Settings\test user\Local Settings\Temp\RarSFX0\MicroTask.exe
  • C:\Program Files\Common Files\Services\MicroTask.exe
Registry Keys Created
  • HKCR\FAST
    CLSID
  • HKLM\SYSTEM\CurrentControlSet\Services\Credential Manager Command Line Utility\Security
    Security
  • HKLM\SYSTEM\CurrentControlSet\Services\Credential Manager Command Line Utility
    Description
    Credential Manager Command Line Utility
  • HKLM\SYSTEM\CurrentControlSet\Services\Credential Manager Command Line Utility\Enum
    NextInstance
    0x00000001
Processes Created
  • c:\docume~1\support\locals~1\temp\rarsfx0\microtask.exe
  • c:\program files\common files\services\microtask.exe
  • c:\windows\system32\svchost.exe
IP Connections
  • 172.16.255.255:53
DNS Requests
  • update.outhmail.com
