Troj/Iyus-N

Category: Viruses and spyware    Protection available since: 15 Jan 2008 10:20:06 (GMT)
Type: Trojan    Last updated: 15 Jan 2008 10:20:06 (GMT)
Prevalence:


Troj/Iyus-N is a downloader Trojan.

Troj/Iyus-N attempts to disable anti-virus and other security software and to hide warning messages from the user.

Troj/Iyus-N may arrive as a CAB archive containing two files, setting.inf (detected as Troj/Iyus-G) and install.exe.

When install.exe is run it creates files named loader.exe and refresh.html in the user's temp folder. Refresh.html is a harmless web page and may be safely deleted. Loader.exe is a component of Troj/Iyus-N.

Loader.exe drops a file named javavm1.dll in the Windows system folder and registers it with the operating system, creating registry entries under the following locations:

HKCR\CLSID\{DE23A040-D6AA-43ca-9B86-D9BE3DAA6FE7}
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

Javavm1.dll attempts to download and run a file from a preconfigured website.

Both the loader.exe and javavm1.dll components of the Trojan attempt to disable a number of anti-virus and security-related products by the following means:

Deleting the following registry values (key, then value name):

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
ccApp

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Advanced Tools Check

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
gcasServ

Deleting all files from the following folders:

C:\Program Files\Common Files\Network Associates\
C:\Program Files\Common Files\Symantec Shared\
C:\Program Files\Kaspersky Lab\
C:\Program Files\McAfee\
C:\Program Files\Microsoft AntiSpyware\
C:\Program Files\Norton Antivirus\

Terminating the following processes:

ALOGSERV.EXE
AVCONSOL.EXE
AVSYNMGR.EXE
CCAPP.EXE
CCEVTMGR.EXE
CCSETMGR.EXE
FRAMEWORKSERVICE.EXE
GCASCLEANER
GCASDTSERV
GCASINSTALLHELPER
GCASNOTICE
GCASSERV
GCASSERVALERT
GCASSWUPDATER
GCIPTOHOSTQUEUE
GIANTANTISPYWAREMAIN
GIANTANTISPYWAREUPDATER
KAV.EXE
KAVSEND.EXE
KAVSVC.EXE
MCSHIELD.EXE
NAPRDMGR.EXE
NAVAPSVC.EXE
NMAIN.EXE
OUTPOST.EXE
QCLEAN.EXE
RULAUNCH.EXE
SAVSCAN.EXE
SHSTAT.EXE
SYMLCSVC.EXE
TBMON.EXE
VSHWIN32.EXE
VSMAIN.EXE
VSSTAT.EXE
VSTSKMGR.EXE

The javavm1.dll component also monitors warning windows and hides from the user any whose title is one of the following:

Allow all activities for this application
Hidden Process Requests Network Access
Warning: Components Have Changed
Warning: some components changed
Windows Security Alert
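As an added defender-side example, not part of this Sophos analysis: a PowerShell triage script that checks a host for the indicators listed above, both the artefacts the Trojan creates (CLSID and BHO registrations, dropped files) and the damage it does (deleted Run values, emptied vendor folders). It assumes the BHO subkey is named after the CLSID above and that $env:TEMP is the temp folder the dropper used.

```powershell
# Added triage script (not Sophos code) for the Troj/Iyus-N indicators listed above.
# Assumptions: the BHO subkey is named after the CLSID; $env:TEMP is the temp folder used.
# Run in an elevated PowerShell session on the host under review.
$Clsid    = '{DE23A040-D6AA-43ca-9B86-D9BE3DAA6FE7}'
$RunKey   = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
$Findings = New-Object System.Collections.Generic.List[object]

function Add-Finding([string]$Kind, [string]$Item, [string]$Note) {
    $Findings.Add([pscustomobject]@{ Kind = $Kind; Item = $Item; Note = $Note })
}

# 1. Presence indicators: artefacts the Trojan creates.
$presence = @(
    @{ Path = "Registry::HKEY_CLASSES_ROOT\CLSID\$Clsid"; Note = 'CLSID registered by loader.exe' },
    @{ Path = "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\$Clsid"; Note = 'BHO registration (subkey name assumed)' },
    @{ Path = (Join-Path $env:SystemRoot 'System32\javavm1.dll'); Note = 'dropped DLL in the system folder' },
    @{ Path = (Join-Path $env:TEMP 'loader.exe'); Note = 'dropper component in the temp folder' },
    @{ Path = (Join-Path $env:TEMP 'refresh.html'); Note = 'harmless page dropped beside loader.exe' }
)
foreach ($p in $presence) {
    # -LiteralPath: the braces in the CLSID would otherwise be parsed as wildcards.
    if (Test-Path -LiteralPath $p.Path) { Add-Finding 'Presence' $p.Path $p.Note }
}

# 2. Tamper indicators: Run values the Trojan deletes. Absence only matters if the
#    product is installed, so the note says so rather than calling it an infection.
$run = Get-ItemProperty -Path $RunKey -ErrorAction SilentlyContinue
foreach ($name in 'ccApp', 'Advanced Tools Check', 'gcasServ') {
    if (-not $run -or -not ($run.PSObject.Properties.Name -contains $name)) {
        Add-Finding 'Tamper' "$RunKey\$name" 'Run value absent (significant only if that product is installed)'
    }
}

# 3. Tamper indicators: vendor folders the Trojan empties. An existing but empty
#    folder is the tell; a missing folder just means the product is not installed.
$vendorDirs = 'C:\Program Files\Common Files\Network Associates',
              'C:\Program Files\Common Files\Symantec Shared',
              'C:\Program Files\Kaspersky Lab',
              'C:\Program Files\McAfee',
              'C:\Program Files\Microsoft AntiSpyware',
              'C:\Program Files\Norton Antivirus'
foreach ($d in $vendorDirs) {
    if ((Test-Path -LiteralPath $d -PathType Container) -and
        -not (Get-ChildItem -LiteralPath $d -Force -ErrorAction SilentlyContinue)) {
        Add-Finding 'Tamper' $d 'vendor folder present but emptied'
    }
}

if ($Findings.Count -eq 0) { 'No Troj/Iyus-N indicators found.' }
else { $Findings | Format-Table -AutoSize }
```

A 'Presence' finding should be confirmed with a scan of the listed files; 'Tamper' findings alone are consistent with an uninstall and need the product's install history for context.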
