Troj/Nebuler-I

Category: Viruses and Spyware
Protection available since: 07 Sep 2006 00:00:00 (GMT)
Type: Trojan
Last Updated: 07 Sep 2006 00:00:00 (GMT)
Prevalence: Small Number of Reports

Troj/Nebuler-I is a Trojan for the Windows platform.

Troj/Nebuler-I gathers details relating to dialup services and sends collected information to a remote site via HTTP. The Trojan may inject code into other processes in an attempt to remain hidden.

When Troj/Nebuler-I is installed, the following files are created:

<Temp>\mst1.bat
<current folder>\mit.bat
<System>\win<XXX>32.dll

where <XXX> are random letters.

The win<XXX>32.dll file is also detected as Troj/Nebuler-I. mst1.bat is a copy of the win<XXX>32.dll file, and mit.bat is a non-malicious file that deletes the Trojan's main executable once a DLL component is installed.

The following registry entries are created to run code exported by win<XXX>32.dll on startup:

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\win<XXX>32
DllName
win<XXX>32.dll

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\win<XXX>32
Impersonate
0

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\win<XXX>32
Startup
EvtStartup
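
A check for the Winlogon Notify entries listed above, as an added example that is not part of the original description: it parses the text printed by `reg query ... /s` for the Notify key and flags subkeys whose name, DllName, Impersonate and Startup values match. The sample output is constructed, and reading <XXX> as exactly three letters is an assumption (the page only says "random letters").

```python
import re

# Constructed sample, in the layout printed by:
#   reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify" /s
SAMPLE = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain
    DllName    REG_EXPAND_SZ    crypt32.dll
    Impersonate    REG_DWORD    0x0
    Logoff    REG_SZ    ChainWlxLogoffEvent

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\winabc32
    DllName    REG_SZ    winabc32.dll
    Impersonate    REG_DWORD    0x0
    Startup    REG_SZ    EvtStartup
"""

# Assumption: <XXX> is exactly three letters.
NAME_RE = re.compile(r"^win[a-z]{3}32$", re.IGNORECASE)
# reg.exe separates name, type and data with tabs or runs of spaces.
FIELD_SEP = re.compile(r"\t+| {2,}")

def parse_reg_query(text):
    """Return {subkey name: {lowercased value name: data}}."""
    keys, current = {}, None
    for line in text.splitlines():
        if not line.strip():
            continue
        if line.upper().startswith(("HKEY_LOCAL_MACHINE\\", "HKLM\\")):
            # Key header line: keep only the last path component.
            current = keys.setdefault(line.strip().rsplit("\\", 1)[-1], {})
        elif current is not None and line[0] in " \t":
            parts = FIELD_SEP.split(line.strip(), maxsplit=2)
            if len(parts) == 3:
                current[parts[0].lower()] = parts[2].strip()
    return keys

def find_nebuler_notify(text):
    """Flag Notify subkeys matching all three values listed in the description."""
    hits = []
    for name, values in parse_reg_query(text).items():
        dll = values.get("dllname", "").rsplit("\\", 1)[-1]
        if (NAME_RE.match(name)
                and dll.lower() == name.lower() + ".dll"
                and values.get("impersonate", "").lower() in ("0", "0x0")
                and values.get("startup", "").lower() == "evtstartup"):
            hits.append(name)
    return hits

if __name__ == "__main__":
    print(find_nebuler_notify(SAMPLE))
```

A hit is only a lead: confirm by checking that the named DLL exists in the System folder and is detected as Troj/Nebuler-I.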
