Summary

| Affected operating systems | Windows |
|---|---|
| Characteristics | |
| Included in our products from | October 2008 (4.34) |
| Protection available since | 28 July 2007 15:27:12 (GMT) |
| Last updated | 19 August 2008 01:51:07 (GMT) |
| Detected by | All Sophos products |
Action

Please follow the instructions for removing Trojans.
More Information
Troj/Pushu-Gen is a family of Trojans for the Windows platform.
When members of Troj/Pushu-Gen are installed, one of the following files is usually created:
<Windows>\system32\drivers\ip6fw.sys
<Windows>\system32\drivers\netdtect.sys
<Windows>\system32\drivers\secdrv.sys
These files may be registered as a new system driver service named, for example, "Restore", "Ip6Fw", "NetDetect" or "Secdrv". Registry entries are created under:
HKLM\SYSTEM\CurrentControlSet\Services\<service name>
When members of Troj/Pushu-Gen are installed, the following file is also usually created:
<Windows>\system32\drivers\runtime.sys
runtime.sys is usually registered as a new system driver service named "Runtime". Registry entries are created under:
HKLM\SYSTEM\CurrentControlSet\Services\Runtime
These system files provide stealth functionality for Troj/Pushu-Gen.
Members of Troj/Pushu-Gen may also attempt to download from a remote location by injecting code into Internet Explorer, sometimes downloading to the following location:
<Windows>\system32\<random number>_exception.nls
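
The file and registry locations listed above can be checked with a short PowerShell triage function. This is an added example, not Sophos code: the function name `Find-PushuGenArtifact`, its parameters, and the digits-only match for `<random number>` are assumptions. Because the drivers are described as providing stealth, `-WindowsRoot` can point at the Windows directory of a mounted offline volume instead of the live system.

```powershell
# Added example: triage check for the artifacts listed on this page.
# Function and parameter names are hypothetical.
function Find-PushuGenArtifact {
    param(
        # Windows directory to inspect; use a mounted offline volume when
        # the live system's view of the file system cannot be trusted.
        [string]$WindowsRoot = $env:SystemRoot,
        [switch]$SkipRegistry   # set when scanning an offline volume
    )
    $driverDir   = Join-Path $WindowsRoot 'system32\drivers'
    $driverNames = 'ip6fw.sys', 'netdtect.sys', 'secdrv.sys', 'runtime.sys'
    $services    = 'Restore', 'Ip6Fw', 'NetDetect', 'Secdrv', 'Runtime'

    # Driver files named on the page. A file name match alone is not proof
    # of infection, so report signature status and hash for follow-up.
    foreach ($name in $driverNames) {
        $path = Join-Path $driverDir $name
        if (Test-Path -LiteralPath $path -PathType Leaf) {
            $sig  = Get-AuthenticodeSignature -LiteralPath $path
            $hash = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
            [pscustomobject]@{ Type = 'DriverFile'; Item = $path; Detail = "Signature=$($sig.Status); SHA256=$hash" }
        }
    }

    # <Windows>\system32\<random number>_exception.nls (assumed: digits only)
    Get-ChildItem -LiteralPath (Join-Path $WindowsRoot 'system32') -Filter '*_exception.nls' -Force -ErrorAction SilentlyContinue |
        Where-Object { $_.Name -match '^\d+_exception\.nls$' } |
        ForEach-Object {
            [pscustomobject]@{ Type = 'DownloadedFile'; Item = $_.FullName; Detail = "ModifiedUtc=$($_.LastWriteTimeUtc)" }
        }

    # Service keys under HKLM\SYSTEM\CurrentControlSet\Services (live registry only)
    if (-not $SkipRegistry) {
        foreach ($svc in $services) {
            $key = "HKLM:\SYSTEM\CurrentControlSet\Services\$svc"
            if (Test-Path -LiteralPath $key) {
                $props = Get-ItemProperty -LiteralPath $key
                [pscustomobject]@{ Type = 'ServiceKey'; Item = $key; Detail = "ImagePath=$($props.ImagePath)" }
            }
        }
    }
}

Find-PushuGenArtifact | Format-Table -AutoSize -Wrap
```

Each result is a lead for review rather than a verdict: compare the reported `ImagePath`, signature status and hash against a known-good system before acting.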
