Summary

| Affected operating systems | Windows |
|---|---|
| Characteristics | |
| Protection available since | 19 October 2005 20:55:15 (GMT) |
| Last updated | 28 October 2005 12:55:07 (GMT) |
| Detected by | All Sophos products |
Action

Please follow the instructions for removing Trojans.
More Information
Troj/Chorus-B is a Trojan for the Windows platform.
When first run, Troj/Chorus-B copies itself to:
<Windows>\htmlsync.exe
<System>\isystem.exe
<System>\ldriver.exe
<Windows>\zlibc.exe
The following registry entries are created to run htmlsync.exe, isystem.exe, ldriver.exe and zlibc.exe on startup:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows
run
<Windows>\htmlsync.exe
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
run
<Windows>\zlibc.exe
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
ldriver
<System>\ldriver.exe
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
isystem
<System>\isystem.exe
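As an added example (not part of the original advisory or any Sophos tooling), the following Python code scans the text of a `reg export` file for the four autostart entries listed above. It assumes the export has already been decoded to a Python string; the function and constant names and the sample data are constructed for illustration.

```python
import re

# (key, value name) -> file name, taken from the entries listed above. Matching
# is on file name only because <Windows> and <System> vary per installation.
AUTORUNS = {
    (r"hkey_current_user\software\microsoft\windows nt\currentversion\windows", "run"): "htmlsync.exe",
    (r"hkey_local_machine\software\microsoft\windows nt\currentversion\windows", "run"): "zlibc.exe",
    (r"hkey_current_user\software\microsoft\windows\currentversion\run", "ldriver"): "ldriver.exe",
    (r"hkey_local_machine\software\microsoft\windows\currentversion\run", "isystem"): "isystem.exe",
}
KEY_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')
EXE_RE = re.compile(r'([^\\/,"]+\.exe)')

def unescape(text):
    # .reg string data escapes backslash and double quote with a backslash.
    return re.sub(r"\\(.)", r"\1", text)

def find_chorus_b_autoruns(reg_text):
    """Return (key, value name, data) for each listed autorun found in reg_text."""
    hits, key = [], None
    for raw in reg_text.splitlines():
        line = raw.strip()
        if m := KEY_RE.match(line):
            key = m.group(1)
        elif key and (m := VALUE_RE.match(line)):
            name, data = unescape(m.group(1)), unescape(m.group(2))
            wanted = AUTORUNS.get((key.lower(), name.lower()))
            # The data may hold a full path, arguments, or several programs.
            if wanted and wanted in EXE_RE.findall(data.lower()):
                hits.append((key, name, data))
    return hits

# Constructed sample export, not taken from an infected machine.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
"run"="C:\\WINDOWS\\htmlsync.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"isystem"="C:\\WINDOWS\\system32\\isystem.exe"
"SoundMan"="SOUNDMAN.EXE"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ldriver"="C:\\Tools\\other.exe"
'''

if __name__ == "__main__":
    for key, name, data in find_chorus_b_autoruns(SAMPLE_REG):
        print(f"{key}\\{name} -> {data}")
```

An entry is reported only when the key, the value name and the file name all match, so the constructed `ldriver` value pointing at `other.exe` is not flagged.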
Troj/Chorus-B changes settings for Microsoft Internet Explorer, including Start Page and search settings, by modifying the following registry values:
HKCU\Software\Microsoft\Internet Explorer\
SearchURL
HKCU\Software\Microsoft\Internet Explorer\Main\
Search Bar
HKCU\Software\Microsoft\Internet Explorer\Main\
Search Page
HKCU\Software\Microsoft\Internet Explorer\Main\
Start Page
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\
Default_Page_URL
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\
Default_Search_URL
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\
Search Page
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\
Start Page
and values under
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search\
The following registry entry is set:
HKCU\Software\Microsoft\Internet Explorer\Main
Use Custom Search URL
1
Troj/Chorus-B installs four advertising shortcuts in the Favorites folder.

