Troj/PWS-ADN

Category: Viruses and Spyware
Protection available since: 04 Dec 2006 00:00:00 (GMT)
Type: Trojan
Last Updated: 04 Dec 2006 00:00:00 (GMT)
Prevalence: Small Number of Reports

Troj/PWS-ADN is a password stealing Trojan for the Windows platform.

Troj/PWS-ADN includes functionality to access the internet and communicate with a remote server via HTTP.

When first run, Troj/PWS-ADN copies itself to <Windows>\9129837.exe and creates the following file:

<Windows>\hide_evr2.sys

The file hide_evr2.sys is detected as Troj/NTRootK-AS. It is registered as a new system driver service named "!!!!" with a display name of "!!!!" and a startup type of automatic, so that it is started automatically during system startup. Registry entries are created under:

HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_HIDE_EVR2\
HKLM\SYSTEM\CurrentControlSet\Services\hide_evr2\

Registry entries are also created under:

HKCU\Software\Microsoft\InetData\k1
HKCU\Software\Microsoft\InetData\k2
