Summary

| Property | Value |
|---|---|
| Affected operating systems | Windows |
| Protection available since | 19 July 2005 10:29:03 (GMT) |
| Detected by | All Sophos products |
Action

Please follow the instructions for removing Trojans.
More Information
Troj/DumarDl-A is a Trojan for the Windows platform.
Troj/DumarDl-A includes functionality to silently download, install and run new software.
When Troj/DumarDl-A is installed, the following files are created:
<Windows>\svchost.exe - also detected as Troj/DumarDl-A
<System>\zksdfnsuidfsdiu.jhk - this file may be deleted
The file svchost.exe is registered as a new system driver service named "moto", with a display name of "svchost.exe" and a startup type of automatic, so that it is started automatically during system startup. Registry entries are created under:
HKLM\SYSTEM\CurrentControlSet\Services\moto\
Troj/DumarDl-A may also create the following registry entry to run itself on startup:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Auto Update = <Windows>\svchost.exe
Registry entries are set as follows:
HKLM\SYSTEM\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings
ProxyEnable = 1
HKLM\SYSTEM\CurrentControlSet\Hardware Profiles\Current\Software\Microsoft\windows\CurrentVersion\Internet Settings
ProxyEnable = 1
Troj/DumarDl-A attempts to download a file from a remote website and run it. At the time of writing, this file is detected by Sophos as Troj/Dumaru-BO.
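
A read-only host check for the files, service key and registry values listed above, written as an added PowerShell example (it is not Sophos code). It assumes that <Windows> resolves to %windir% and <System> to the directory returned by [Environment]::SystemDirectory.

```powershell
# Added example, not from the Sophos page: read-only check for the artifacts described above.
# Assumptions: <Windows> = $env:windir, <System> = [Environment]::SystemDirectory.
$findings = @()

# Dropped files. The genuine svchost.exe lives in the system directory,
# so a copy directly under <Windows> matches the description.
$files = @(
    (Join-Path $env:windir 'svchost.exe'),
    (Join-Path ([Environment]::SystemDirectory) 'zksdfnsuidfsdiu.jhk')
)
foreach ($f in $files) {
    if (Test-Path -LiteralPath $f) { $findings += "File present: $f" }
}

# Driver service "moto" (a Start value of 2 means automatic startup).
$svcKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\moto'
if (Test-Path -LiteralPath $svcKey) {
    $svc = Get-ItemProperty -LiteralPath $svcKey
    $findings += "Service key 'moto': DisplayName='$($svc.DisplayName)' Start=$($svc.Start) ImagePath='$($svc.ImagePath)'"
}

# Run value "Auto Update" pointing at <Windows>\svchost.exe.
$runKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
$run = Get-ItemProperty -LiteralPath $runKey -Name 'Auto Update' -ErrorAction SilentlyContinue
if ($run) { $findings += "Run value 'Auto Update' = '$($run.'Auto Update')'" }

# ProxyEnable = 1 under the hardware profiles; treat as supporting evidence only.
foreach ($hwProfile in '0001', 'Current') {
    $key = "HKLM:\SYSTEM\CurrentControlSet\Hardware Profiles\$hwProfile\Software\Microsoft\windows\CurrentVersion\Internet Settings"
    $val = Get-ItemProperty -LiteralPath $key -Name 'ProxyEnable' -ErrorAction SilentlyContinue
    if ($val -and $val.ProxyEnable -eq 1) { $findings += "ProxyEnable=1 under Hardware Profiles\$hwProfile" }
}

if ($findings.Count -gt 0) { $findings | ForEach-Object { Write-Output "[!] $_" } }
else { Write-Output 'No Troj/DumarDl-A artifacts found.' }
```

The script only reads the file system and registry and changes nothing; removal still follows the instructions under Action.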
