Troj/Pushu-Gen

Category: Viruses and Spyware
Type: Trojan
Protection available since: 29 Jul 2009 23:13:22 (GMT)
Last Updated: 29 Jul 2009 23:13:22 (GMT)
Prevalence: Small Number of Reports

Troj/Pushu-Gen is a family of Trojans for the Windows platform.

When members of Troj/Pushu-Gen are installed, one of the following files is usually created:

<Windows>\system32\drivers\ip6fw.sys
<Windows>\system32\drivers\netdtect.sys
<Windows>\system32\drivers\secdrv.sys

These files may be registered as a new system driver service named, for example, "Restore", "Ip6Fw", "NetDetect" or "Secdrv". Registry entries are created under:

HKLM\SYSTEM\CurrentControlSet\Services\<service name>

When members of Troj/Pushu-Gen are installed, the following file is also usually created:

<Windows>\system32\drivers\runtime.sys

runtime.sys is usually registered as a new system driver service named "Runtime". Registry entries are created under:

HKLM\SYSTEM\CurrentControlSet\Services\Runtime

These system files provide stealthing for Troj/Pushu-Gen.

Members of Troj/Pushu-Gen may also attempt to download from a remote location by injecting code into Internet Explorer, sometimes downloading to the following location:

<Windows>\system32\<random number>_exception.nls
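
Because the drivers provide stealthing, a check on the running system may not see these files. The added example below (not Sophos code) scans the `<Windows>` directory of an offline-mounted disk for the file names listed above. The function names, the `services` mapping (service name to ImagePath, exported from the offline SYSTEM hive by a tool of your choice) and the reading of `<random number>` as decimal digits are assumptions.

```python
import os
import re

# Indicators taken from the description above; names are compared case-insensitively.
DRIVER_FILES = {"ip6fw.sys", "netdtect.sys", "secdrv.sys", "runtime.sys"}
SERVICE_NAMES = {"restore", "ip6fw", "netdetect", "secdrv", "runtime"}
# Assumption: "<random number>" is a run of decimal digits.
NLS_PATTERN = re.compile(r"^\d+_exception\.nls$", re.IGNORECASE)


def _child(parent, name):
    """Case-insensitive lookup, since the image may sit on a case-sensitive mount."""
    if parent is None or not os.path.isdir(parent):
        return None
    for entry in os.listdir(parent):
        if entry.lower() == name.lower():
            return os.path.join(parent, entry)
    return None


def scan_windows_dir(windows_dir, services=None):
    """Return sorted (kind, detail) leads for a mounted <Windows> directory.

    services: optional {service name: ImagePath} from the offline SYSTEM hive.
    """
    leads = []
    system32 = _child(windows_dir, "system32")
    drivers = _child(system32, "drivers")
    for name in (os.listdir(drivers) if drivers else []):
        if name.lower() in DRIVER_FILES:
            leads.append(("driver_file", name.lower()))
    for name in (os.listdir(system32) if system32 else []):
        if NLS_PATTERN.match(name):
            leads.append(("download_file", name.lower()))
    for svc, image_path in (services or {}).items():
        base = image_path.replace("/", "\\").rsplit("\\", 1)[-1].lower()
        if svc.lower() in SERVICE_NAMES or base in DRIVER_FILES:
            leads.append(("service", f"{svc.lower()} -> {base}"))
    return sorted(leads)
```

A name match is a lead for triage, not a verdict; confirm each hit with an up-to-date scanner before acting on it.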
