Troj/PWS-ATP

Category: Viruses and Spyware Protection available since:15 Sep 2008 03:47:39 (GMT)
Type: Trojan Last Updated:15 Sep 2008 03:47:39 (GMT)
Prevalence: Small Number of Reports

Download Download our free Virus Removal Tool - Find and remove threats your antivirus missed

Troj/PWS-ATP is a Trojan for the Windows platform.

When run Troj/PWS-ATP creates the files:
<Windows>\Debug\winhlp.dll - detectedd as Mal/LineDLL-B

and copies itself to <System>\helpme.exe.

The following registry entries are set:

HKCR\CLSID\{4B00FA89-7C1A-41F1-AF62-C7FF0D3B96A7}
(default)
url

HKCR\CLSID\{4B00FA89-7C1A-41F1-AF62-C7FF0D3B96A7}\InProcServer32
(default)
<Windows>\Debug\winhlp.dll

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
{4B00FA89-7C1A-41F1-AF62-C7FF0D3B96A7}

Troj/PWS-ATP also drops a non-malicious GIF image which is then opened by the default image viewer application.

download Try Sophos products for free
Download now

© 1997 - 2012 Sophos Ltd. All rights reserved. Legal Privacy