Summary

| Affected operating systems | Windows |
|---|---|
| Characteristics | |
| Included in our products from | June 2006 (4.06) |
| Protection available since | 20 April 2006 12:56:56 (GMT) |
| Detected by | All Sophos products |
Action

Please follow the instructions for removing Trojans.
More Information
Troj/Mdrop-AHY is a Trojan for the Windows platform.
Troj/Mdrop-AHY includes functionality to access the internet and communicate with a remote server via HTTP.
When Troj/Mdrop-AHY is installed, the following files are created:
<Temp>\x.bat
<Program Files>\xpdrv32\Util\Remove.exe
<Program Files>\xpdrv32\Util\hexi8utf.dll
<System>\camplugin.exe
<System>\update.exe
The file hexi8utf.dll is registered as a COM object and Browser Helper Object (BHO) for Microsoft Internet Explorer, creating registry entries under:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\(F38696FC-7143-4B0A-9052-A7A96E398D11)
HKCR\CLSID\(F38696FC-7143-4B0A-9052-A7A96E398D11)
HKCR\Interface\(6EC7B37A-1592-4820-B547-CBD59AB6CF96)
HKCR\Interface\(9D318D1A-25A3-4789-9174-B60F097E95FE)
HKCR\Interface\(C7F18AFA-114B-470A-A781-D2870E9BB69F)
HKCR\TypeLib\(31A04FDA-8E2C-425E-94C5-77C834FB2D80)
HKCR\xpdrv32.class\
Registry entries are created under:
HKCU\Software\VB and VBA Program Settings\WSA\Auth\
HKCU\Software\VB and VBA Program Settings\WSA\KeyB\
HKCU\Software\VB and VBA Program Settings\WS\Info\
HKCU\Software\VB and VBA Program Settings\WS\Settings\
HKCU\Software\VB and VBA Program Settings\WS\Stats\
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\xpdrv32\
