Summary

| Affected operating systems | Windows |
|---|---|
| Characteristics | |
| Protection available since | 10 July 2009 22:56:14 (GMT) |
| Detected by | All Sophos products |
Action

Please follow the instructions for removing Trojans.
More Information
Troj/Clomp-I is a Trojan for the Windows platform.
Troj/Clomp-I may attempt to spread across a network by using the Potentially Unwanted Application "PSExec".
Troj/Clomp-I includes functionality to access the internet and communicate with a remote server via HTTP, injecting code into Internet Explorer.
When Troj/Clomp-I is installed it may copy itself to uninstall.exe in all Startup folders, and drops a file also detected as Troj/Clomp-I to the Application Data or Temp folder using one of the following filenames:
svchosts.exe
taskmon.exe
rundll.exe
service.exe
sound.exe
upnpsvc.exe
lsas.exe
logon.exe
helper.exe
event.exe
dumpreport.exe
msiexeca.exe
Troj/Clomp-I then sets a registry entry at HKCU\Software\Microsoft\Windows\CurrentVersion\Run to run this file with one of the following values (corresponding to the chosen filename):
svchosts
TaskMon
RunDll
System
Sound
UPNP
lsass
Init
Windows
EventLog
CrashDump
Setup
So for example it might create the following registry entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
UPNP
<Application Data>\upnpsvc.exe
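One way to check a host for the Run-key persistence described above, as an added example that is not Sophos code: it parses the text output of `reg query` on the HKCU Run key and flags value-name and filename pairs from the two lists. Pairing the lists by position is an assumption (the page confirms only UPNP with upnpsvc.exe), and the sample input and the function names are constructed for illustration.

```python
import ntpath
import re

# Run-key value name -> dropped filename, paired by list order on this page
# (assumption: the page itself only confirms the UPNP -> upnpsvc.exe pair).
CLOMP_PAIRS = {
    "svchosts": "svchosts.exe", "TaskMon": "taskmon.exe", "RunDll": "rundll.exe",
    "System": "service.exe", "Sound": "sound.exe", "UPNP": "upnpsvc.exe",
    "lsass": "lsas.exe", "Init": "logon.exe", "Windows": "helper.exe",
    "EventLog": "event.exe", "CrashDump": "dumpreport.exe", "Setup": "msiexeca.exe",
}
_PAIRS_CI = {k.lower(): v for k, v in CLOMP_PAIRS.items()}
# Folders the page names as drop locations, matched as whole path components.
DROP_DIRS = ("application data", "temp")
# One value line of `reg query` output: indented name, REG_* type, then data.
_LINE = re.compile(r"^\s+(?P<name>.+?)\s+(?P<type>REG_[A-Z_]+)\s+(?P<data>.*)$")

def parse_run_values(reg_query_text):
    """Yield (value_name, data) for string values in `reg query` text output."""
    for line in reg_query_text.splitlines():
        m = _LINE.match(line)
        if m and m.group("type") in ("REG_SZ", "REG_EXPAND_SZ"):
            yield m.group("name"), m.group("data")

def find_clomp_run_entries(reg_query_text):
    """Return [(value_name, path, confidence)] for entries matching the page."""
    hits = []
    for name, data in parse_run_values(reg_query_text):
        path = data.strip().strip('"')
        base = ntpath.basename(path).lower()
        parts = [p.lower() for p in ntpath.dirname(path).split("\\")]
        if _PAIRS_CI.get(name.lower()) != base:
            continue  # value name and filename are not a listed pair
        in_drop_dir = any(d in parts for d in DROP_DIRS)
        hits.append((name, path, "high" if in_drop_dir else "review"))
    return hits

# Constructed sample input, not taken from a real host.
SAMPLE = r"""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    ctfmon.exe    REG_SZ    C:\WINDOWS\system32\ctfmon.exe
    UPNP    REG_SZ    C:\Documents and Settings\alice\Application Data\upnpsvc.exe
    Sound    REG_SZ    C:\Program Files\AudioVendor\tray.exe
    Setup    REG_SZ    "D:\tools\msiexeca.exe"
"""

if __name__ == "__main__":
    for hit in find_clomp_run_entries(SAMPLE):
        print(hit)
```

Entries marked "review" match a listed name and filename pair but sit outside the Application Data and Temp folders, so they need a manual look rather than automatic removal.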
Troj/Clomp-I may also create the following registry entries:
HKCU\Software\Microsoft\Internet Explorer\Settings
GID
HKCU\Software\Microsoft\Internet Explorer\Settings
GatesList
HKCU\Software\Microsoft\Internet Explorer\Settings
KeyM
HKCU\Software\Microsoft\Internet Explorer\Settings
KeyE
HKLM\Software\Microsoft\9593275321

