Troj/StartP-DY

Category:	Viruses and Spyware	Protection available since:	03 Sep 2010 01:30:31 (GMT)
Type:	Trojan	Last Updated:	03 Sep 2010 01:30:31 (GMT)
Prevalence:

Download our free Virus Removal Tool - Find and remove threats your antivirus missed

Troj/StartP-DY exhibits the following characteristics:

File Information

Size: 119K
SHA-1: 3cc4fd38c8ee9aa7baa148d0dd29607bdc18d61c
MD5: e3225ba224aae142827642adc75a1060
CRC-32: 319cbae5
File type: application/x-ms-dos-executable
First seen: 2010-09-02

Other vendor detection

Avira: TR/ATRAPS.Gen2
Kaspersky: Trojan-Downloader.Win32.NSIS.es

Runtime Analysis

Dropped Files

c:\Documents and Settings\test user\Local Settings\Temp\nso3.tmp\ShellLink.dll
C:\WINDOWS\xyx.ico
c:\Documents and Settings\test user\Local Settings\Temp\nso3.tmp\InetLoad.dll
C:\WINDOWS\taobao.ico
C:\Documents and Settings\All Users\Templates\Temp\Funshiontempsdf
Size
1.2M
SHA-1
3b21ac4c7ee45f701dc69152973d64a0b9994d0d
MD5
cd4a9ca1d1c5e9164d78d567f1a2e6fa
CRC-32
19da4704
File type
application/x-ms-dos-executable
First seen
2010-09-03
c:\Documents and Settings\test user\Local Settings\Temp\nso3.tmp\System.dll
c:\Documents and Settings\test user\Local Settings\Temp\Setup1.3.1.0.exe.dTemp
c:\Documents and Settings\test user\Local Settings\Temp\Installer.exe
Size
82K
SHA-1
fafe27d35782456da723f820d39b01c96e37cd4e
MD5
0b74461b720deecd449b6490189d8ab2
CRC-32
ca5df9e6
File type
application/x-ms-dos-executable
First seen
2010-09-02

Modified Files

%PROFILE%\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
- Changed the file contents

Registry Keys Created

HKCR\CLSID\{DBEEC126-4924-49C0-9872-B2B57FCBC94B}
(Default)
□□□-□□□
HKCR\CLSID\{557F8E46-FDB4-4353-A8BB-7A4A0805AF9B}
InfoTip
Internet Explorer
HKCR\CLSID\{DDBBF733-5338-4F7C-9CF1-F3BC26FB2EFA}
InfoTip
□□□□□□□□
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace\{DBEEC126-4924-49C0-9872-B2B57FCBC94B}
InfoText
My Places
HKCR\CLSID\{557F8E46-FDB4-4353-A8BB-7A4A0805AF9B}\DefaultIcon
(Default)
C:\WINDOWS\system32\SHELL32.DLL,220
HKCR\CLSID\{DDBBF733-5338-4F7C-9CF1-F3BC26FB2EFA}\Shell\Internet Explorer\Command
(Default)
C:\Program Files\Internet Explorer\iexplore.exe http://www.131.net
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Desktop\NameSpace\{557F8E46-FDB4-4353-A8BB-7A4A0805AF9B}
InfoText
My Places
HKCR\CLSID\{DDBBF733-5338-4F7C-9CF1-F3BC26FB2EFA}\TypeLib
(Default)
{DDBBF733-5338-4F7C-9CF1-F3BC26FB2EFA}

Registry Keys Modified

HKCR\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\shell\OpenHomePage\Command
(Default)
C:\Program Files\Internet Explorer\iexplore.exe http://www.pp2345.com

Processes Created

c:\docume~1\support\locals~1\temp\installer.exe

HTTP Requests

http://cfg.353wanwan.com/update/update.xml
http://neirong.funshion.com/download/silent/64068/FunshionInstall.exe
http://swf.33633.com/Setup1.3.1.0.exe

DNS Requests

cfg.353wanwan.com
neirong.funshion.com
swf.33633.com

Try Sophos products for free
Download now