Troj/WOW-HH

Category: Viruses and Spyware
Protection available since: 22 Sep 2006 00:00:00 (GMT)
Type: Trojan
Last Updated: 22 Sep 2006 00:00:00 (GMT)
Prevalence: Small Number of Reports


Troj/WOW-HH is a password-stealing Trojan for the Windows platform.

When first run, Troj/WOW-HH copies itself to:

<Common Files>\inexplore.pif
<Program Files>\Internet Explorer\inexplore.com
<Windows folder>\1.com
<Windows folder>\Debug\DebugProgram.exe
<Windows folder>\exerouter.exe
<Windows folder>\exp10rer.com
<Windows folder>\finders.com
<Windows folder>\smss.exe
<Windows system folder>\command.pif
<Windows system folder>\dxdiag.com
<Windows system folder>\msconfig.com
<Windows system folder>\regedit.com
<Windows system folder>\rund1132.com

The file inexplore.com is registered as a COM object, creating registry entries under:

HKCR\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}

Troj/WOW-HH changes settings for Microsoft Internet Explorer by modifying values under:

HKCU\Software\Microsoft\Internet Explorer\Main\

Registry entries are set as follows:

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
Shell
explorer.exe 1

HKCR\Drive\shell\find\command
(default)
<Windows folder>\EXP10RER.com

HKCR\htmlfile\shell\opennew\command
(default)
<Common Files>\inexplore.pif" %1

HKCR\htmlfile\shell\print\command
(default)
rundll32.exe <Windows system folder>\mshtml.dll,PrintHTML "%1"

Registry entries are created under:

HKCU\Software\VB and VBA Program Settings\Microsoft Soft Debuger\Settings\
