Mal/Clomp-A

Your options

• Please send us a sample to assist in improving our technology
• Use the instructions for removing generically detected files to delete the file from your computer
• If problems persist, contact Sophos support for assistance with removal

Mal/Clomp-A is a malicious executable file for the Windows platform.

Mal/Clomp-A may attempt to spread across a network by using the Potentially Unwanted Application "PSExec".

Mal/Clomp-A typically includes functionality to access the internet and communicate with a remote server via HTTP, injecting code into Internet Explorer.

When Mal/Clomp-A is installed it may copy itself to uninstall.exe in all Startup folders, and drops a file also detected as Mal/Clomp-A to the Application Data or Temp folder using one of the following filenames:

  svchosts.exe
  taskmon.exe
  rundll.exe
  service.exe
  sound.exe
  upnpsvc.exe
  lsas.exe
  logon.exe
  helper.exe
  event.exe
  dumpreport.exe
  msiexeca.exe

Mal/Clomp-A then typically sets a registry entry at HKCU\Software\Microsoft\Windows\Current Version\Run to run this file with one of the following values (corresponding to the chosen filename):

  svchosts
  TaskMon
  RunDll
  System
  Sound
  UPNP
  lsass
  Init
  Windows
  EventLog
  CrashDump
  Setup

So for example it might create the following registry entry:

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
UPNP
<Application Data>\upnpsvc.exe

Mal/Clomp-A may also create the following registry entries:

HKCU\Software\Microsoft\Internet Explorer\Settings
GID

HKCU\Software\Microsoft\Internet Explorer\Settings
GatesList

HKCU\Software\Microsoft\Internet Explorer\Settings
KeyM

HKCU\Software\Microsoft\Internet Explorer\Settings
KeyE

HKLM\Software\Microsoft\9593275321