high
Summary
Summary
Action- More Information
| Affected operating systems | Windows |
|---|---|
| Characteristics |
|
| Included in our products from | May 2007 (4.17) |
| Protection available since | 7 December 2006 04:19:36 (GMT) |
| Last updated | 15 March 2007 07:56:03 (GMT) |
| Detected by | All Sophos products |
Action
- Summary
- Action
- More Information
Please follow the instructions for removing Trojans.
More Information
Troj/PWS-ADN is a password stealing Trojan for the Windows platform.
Troj/PWS-ADN includes functionality to access the internet and communicate with a remote server via HTTP.
When first run Troj/PWS-ADN copies itself to <Windows>\9129837.exe and creates the following files:
<Windows>\hide_evr2.sys
The file hide_evr2.sys is detected as
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_HIDE_EVR2\
Registry entries are created under:
HKCU\Software\Microsoft\InetData\k1
HKCU\Software\Microsoft\InetData\k2
Sophos's anti-virus products include Behavioral Genotype™ Protection, which can proactively guard against new threats without requiring an update. Sophos customers have been protected against Troj/PWS-ADN (detected as Mal/Behav-044) since version 4.10.
HKLM\SYSTEM\CurrentControlSet\Services\hide_evr2\
|
