Troj/Nethell-H

Category: Viruses and Spyware
Protection available since: 24 Jan 2007 00:00:00 (GMT)
Type: Trojan
Last Updated: 24 Jan 2007 00:00:00 (GMT)
Prevalence: Small Number of Reports

Troj/Nethell-H is a password-stealing Trojan for the Windows platform.

The Trojan contains functionality to download code from remote sites.

Troj/Nethell-H attempts to redirect and intercept web traffic in order to steal login information and passwords.

When Troj/Nethell-H is installed the following files are created:

<System>\helper.dll
<System>\helper.xml

The file helper.xml can be deleted.

The file helper.dll is registered as a COM object and Browser Helper Object (BHO) for Microsoft Internet Explorer, creating registry entries under:

HKCR\CLSID\{AE1AA4FA-C3A2-4c33-90CD-69DD021A35C8}
HKCR\Interface\{54DCBD5A-3FDC-490F-B9AE-5B9DBAA39BEC}
HKCR\TypeLib\{80874336-C940-48FA-B15F-5BB94A8C8C83}
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE1AA4FA-C3A2-4c33-90CD-69DD021A35C8}

Registry entries are set as follows:

HKCR\Helper.Helper.1\CLSID
(default)
{AE1AA4FA-C3A2-4c33-90CD-69DD021A35C8}

HKCR\Helper.Helper\CLSID
(default)
{AE1AA4FA-C3A2-4c33-90CD-69DD021A35C8}

Registry entries are created under:

HKCR\Helper.Helper

Troj/Nethell-H may modify the Windows hosts file.
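
A read-only triage check for the artifacts listed above, added here as an example and not Sophos's own tooling. It assumes the BHO's DLL path is stored under the standard COM InprocServer32 subkey and that the hosts file is at its default location under <System>\drivers\etc; non-loopback hosts entries are only listed for manual review, because the page does not say which entries the Trojan adds.

```powershell
# Added example: read-only check for the Troj/Nethell-H artifacts named on this page.
$clsid  = '{AE1AA4FA-C3A2-4c33-90CD-69DD021A35C8}'   # BHO CLSID from the page
$sysDir = [Environment]::SystemDirectory              # <System> on this host
$bhoKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'

# 1. Enumerate every registered BHO and resolve it to the DLL it loads.
#    Assumption: the DLL path is the default value of CLSID\<id>\InprocServer32.
$bhos = Get-ChildItem -Path $bhoKey -ErrorAction SilentlyContinue | ForEach-Object {
    $id     = $_.PSChildName
    $server = "Registry::HKEY_CLASSES_ROOT\CLSID\$id\InprocServer32"
    $dll    = (Get-ItemProperty -LiteralPath $server -ErrorAction SilentlyContinue).'(default)'
    [pscustomobject]@{
        CLSID   = $id
        Dll     = $dll
        # Flag on the page's CLSID, or on any BHO whose DLL is named helper.dll.
        Suspect = ($id -ieq $clsid) -or ($dll -and (Split-Path $dll -Leaf) -ieq 'helper.dll')
    }
}

# 2. The two files the page says are created in <System>.
$files = 'helper.dll', 'helper.xml' | ForEach-Object {
    $path = Join-Path $sysDir $_
    [pscustomobject]@{ Path = $path; Present = (Test-Path -LiteralPath $path) }
}

# 3. The ProgIDs the page says are set to the BHO's CLSID.
$progIds = 'Helper.Helper', 'Helper.Helper.1' | ForEach-Object {
    $name = $_
    $key  = "Registry::HKEY_CLASSES_ROOT\$name\CLSID"
    $val  = (Get-ItemProperty -LiteralPath $key -ErrorAction SilentlyContinue).'(default)'
    [pscustomobject]@{ ProgId = $name; CLSID = $val; Match = ($val -ieq $clsid) }
}

# 4. Active hosts-file entries that are not loopback, for manual review.
$hostsPath    = Join-Path $sysDir 'drivers\etc\hosts'
$hostsEntries = Get-Content -LiteralPath $hostsPath -ErrorAction SilentlyContinue |
    ForEach-Object { ($_ -replace '#.*$', '').Trim() } |
    Where-Object { $_ -and $_ -notmatch '^(127\.0\.0\.1|::1)\s' }

$bhos    | Format-Table -AutoSize
$files   | Format-Table -AutoSize
$progIds | Format-Table -AutoSize
'Non-loopback hosts entries to review:'
$hostsEntries
```

A file named helper.dll is not proof of infection on its own; treat a hit as confirmed only when it coincides with the CLSID or ProgID matches.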
