Sophos

Troj/DwnLdr-HAO


Summary

 
Affected operating systems: Windows
Characteristics:
  • Installs itself in the registry
Included in our products from: April 2008 (4.28)
Protection available since: 6 February 2008 09:17:26 (GMT)
Last updated: 12 February 2008 19:46:18 (GMT)
Detected by: All Sophos products

More Information

Troj/DwnLdr-HAO is a Trojan for the Windows platform.

Troj/DwnLdr-HAO includes functionality to access the internet, download other malware and execute it.

When first run, Troj/DwnLdr-HAO copies itself to
<Windows system folder>\<sescmgr>.exe.

The following registry entry is created to run sescmgr.exe on startup:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
<sctrlmgr>
<Windows system folder>\<sescmgr>.exe

The following registry entry is set, affecting internet security:

HKCU\Software\Microsoft\CurrentVersion\Internetsettings\Zonemap\Domains\aflashcounter.com

It adds itself to the following key to be registered as an authorized application:

HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplication

It tries to download the following files from the web:

<Windows system folder>\rsoprov.exe
<Windows system folder>\rdpslip.exe
<Windows system folder>\sescmgr.exe
       
