Troj/Salload-D

Category:	Viruses and Spyware	Protection available since:	28 Jul 2010 22:54:06 (GMT)
Type:	Trojan	Last Updated:	28 Jul 2010 22:54:06 (GMT)
Prevalence:

Download our free Virus Removal Tool - Find and remove threats your antivirus missed

Troj/Salload-D is a Trojan for the Windows platform.

Troj/Salload-D is a DLL that attempts to drop and run more malware, typically detected as Mal/Sality-D.

Troj/Salload-D is usually seen dropped by Troj/Sallink-A, which also drops a LNK shortcut file to the same remote location, detected as Exp/Cplink-A, that attempts to exploit CVE-2010-2568 to run Troj/Salload-D automatically when the folder is browsed to.

Troj/Salload-D attempts to contact a remote URL, and to set a registry entry at the following location to bypass the Windows firewall:

HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List
<path to Trojan>:*:Enabled:ipsec
<path to Trojan>

Troj/Salload-D may attempt to write to an entry in SYSTEM.INI, for example writing an entry in the "fje32a1s" section, setting the key name of "minr" to 1.

Troj/Salload-D may attempt to write to a registry entry at the following location:

HKCU\SOFTWARE\<variant-specific name>
session

Try Sophos products for free
Download now

Troj/Salload-D

Free Mac Anti-Virus

Popular topics