Troj/Nebuler-K is a Trojan for the Windows platform.
Troj/Nebuler-K gathers details relating to dial-up services and sends the collected information to a remote site via HTTP. The Trojan may inject code into other processes in an attempt to remain hidden.
When Troj/Nebuler-K is installed, the following files are created:
<System>\win<xxx>32.dll
Where <xxx> are random letters.
The following registry entries are created to run code exported by win<xxx>32.dll on startup:
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\win<xxx>32
    DllName = win<xxx>32.dll
    Impersonate = 0
    Startup = EvtStartup
Registry entries are created under:
HKCR\MezziaCodec.Chl\CLSID\
HKLM\SOFTWARE\Microsoft\MSSMGR\
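
The following is an added example, not part of the original description: a check that scans the text of a `reg export` of the Winlogon\Notify key for subkeys fitting the win<xxx>32 pattern listed above and reports which of the three values match. The sample export is constructed, the function names are hypothetical, and the pattern assumes one or more random letters because the description does not fix their number.

```python
import re

# Constructed sample in `reg export` text format; "abc" stands in for the
# random letters and "examplepkg" is a made-up benign entry.
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\winabc32]
"DllName"="winabc32.dll"
"Impersonate"=dword:00000000
"Startup"="EvtStartup"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\examplepkg]
"DllName"="example.dll"
"Impersonate"=dword:00000000
"Startup"="ExampleStartup"
'''

NOTIFY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify" + "\\"
# Assumption: the number of random letters is not fixed, so accept one or more.
NAME_RE = re.compile(r"win[a-z]+32", re.IGNORECASE)
EXPECTED = {"impersonate": "dword:00000000", "startup": "evtstartup"}


def parse_reg(text):
    """Return {key path: {lower-cased value name: raw data}} from export text."""
    keys, current = {}, None
    for line in (l.strip() for l in text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1], {})
        elif current is not None and line.startswith('"') and "=" in line:
            name, _, data = line.partition("=")
            current[name.strip('"').lower()] = data.strip('"')
    return keys


def find_notify_persistence(text):
    """List (subkey, matched value names) for Notify subkeys fitting the pattern."""
    hits = []
    for key, values in parse_reg(text).items():
        if not key.lower().startswith(NOTIFY.lower()):
            continue
        sub = key[len(NOTIFY):]
        if not NAME_RE.fullmatch(sub):  # also rejects nested subkeys
            continue
        matched = [n for n, want in EXPECTED.items() if values.get(n, "").lower() == want]
        if values.get("dllname", "").lower() == sub.lower() + ".dll":
            matched.insert(0, "dllname")
        hits.append((sub, matched))
    return hits
```

A subkey whose name fits but whose values do not all match is still returned with a shorter match list, so an analyst can review it rather than have it silently dropped.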