Summary

| Affected operating systems | Windows |
|---|---|
| Characteristics | |
| Included in our products from | February 2007 (4.14) |
| Protection available since | 9 January 2007 11:16:38 (GMT) |
| Detected by | All Sophos products |
Action

Please follow the instructions for removing Trojans.
More Information
Troj/Nailuj-A is a Trojan for the Windows platform.
Troj/Nailuj-A includes functionality to access the internet, communicate with a remote server via HTTP, and steal information.
When Troj/Nailuj-A is installed, the following files are created:
<Windows>\lib - harmless, may be deleted
<Windows>\stdie.dll - detected as Troj/Nailuj-A
<System>\VideoAti0.dll - detected as Troj/Nailuj-A
<System>\VideoAti0.exe - detected as Troj/Nailuj-A
<System>\comctl3.srg - harmless, may be deleted
<System>\delself.bat - harmless, may be deleted
<System>\drivers\VideoAti0.sys - detected as Troj/NTRootK-BC
The file stdie.dll is registered as a COM object and Browser Helper Object (BHO) for Microsoft Internet Explorer, creating registry entries under:
HKCR\CLSID\(A3803141-3CF5-4D66-B7EA-8D2674FE152C)
HKCR\Interface\(13D90754-C6BC-4C7E-9E9E-399C211136EF)
HKCR\TypeLib\(9FD6C9E2-54F8-48A9-BEF6-964F9C221AE4)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\(A3803141-3CF5-4D66-B7EA-8D2674FE152C)
Registry entries are set as follows:
HKCR\Gogo.IEhlprObj.1\CLSID
(default)
(A3803141-3CF5-4D66-B7EA-8D2674FE152C)
HKCR\Gogo.IEhlprObj\CLSID
(default)
(A3803141-3CF5-4D66-B7EA-8D2674FE152C)
Registry entries are created under:
HKCR\Gogo.IEhlprObj
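
The BHO registration, ProgID keys and dropped files described above can be checked on a host with the following PowerShell, which is an added example and not part of the original Sophos page. It assumes `<Windows>` is `%windir%` and `<System>` is `%windir%\System32`, resolves each BHO to its DLL through the standard COM `InprocServer32` subkey, and compares GUIDs without their surrounding brackets.

```powershell
# Added example, not Sophos code. Indicators are copied from this page.
$guid    = 'A3803141-3CF5-4D66-B7EA-8D2674FE152C'   # BHO CLSID listed above
$bhoRoot = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'

# Assumption: <Windows> = %windir%, <System> = %windir%\System32.
$sys   = Join-Path $env:windir 'System32'
$files = @(
    (Join-Path $env:windir 'stdie.dll'),
    (Join-Path $sys 'VideoAti0.dll'),
    (Join-Path $sys 'VideoAti0.exe'),
    (Join-Path $sys 'drivers\VideoAti0.sys')
)

# 1. Enumerate every registered BHO and resolve it to the DLL it loads.
$bhos = foreach ($key in Get-ChildItem -LiteralPath $bhoRoot -ErrorAction SilentlyContinue) {
    $clsid  = $key.PSChildName
    $server = "Registry::HKEY_CLASSES_ROOT\CLSID\$clsid\InprocServer32"
    $dll    = (Get-ItemProperty -LiteralPath $server -ErrorAction SilentlyContinue).'(default)'
    [pscustomobject]@{
        Clsid   = $clsid
        Dll     = $dll
        # Compare bare GUIDs so the bracket style of the key name does not matter.
        Suspect = (($clsid -replace '[{}()]', '') -ieq $guid) -or
                  ($dll -match '\\stdie\.dll')
    }
}

# 2. ProgID keys the page says are created.
$progIds = 'Gogo.IEhlprObj', 'Gogo.IEhlprObj.1' |
    Where-Object { Test-Path -LiteralPath "Registry::HKEY_CLASSES_ROOT\$_" }

# 3. Dropped files the page lists as detected.
$found = $files | Where-Object { Test-Path -LiteralPath $_ }

# Full BHO inventory first, then a one-line summary of the matches.
$bhos | Format-Table -AutoSize | Out-String
[pscustomobject]@{
    SuspectBho = @($bhos | Where-Object Suspect).Count
    ProgIds    = $progIds -join ', '
    Files      = $found -join ', '
}
```

Run it from an elevated session; an empty summary row with `SuspectBho` of 0 means none of the indicators listed on this page were found.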
