Sophos

Troj/Gamania-CJ

Aliases
  • PWS:Win32/Gamania.gen!B

Summary

 
Affected operating systems Windows
Characteristics
  • Installs itself in the registry
Protection available since 11 October 2008 15:49:07 (GMT)
Detected by All Sophos products

More Information

Troj/Gamania-CJ is a password-stealing Trojan for the Windows platform.

When Troj/Gamania-CJ is installed, the following files are created:

<Windows>\Debug\<VARIABLE>.DLL
<Windows>\Debug\<VARIABLE>.EXE
<Temp>\<variable>.vmp.exe

where <variable> is a string of randomly generated lower-case characters and digits and <VARIABLE> is a string of randomly generated upper-case characters and digits.

The file <VARIABLE>.DLL is registered as a COM object and shell extension, creating registry entries under:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
HKCR\CLSID\{F248A057-9371-48E4-988C-7845394554F2}

The following registry entries are created, each setting the value debugger to IFEOFILE:

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wuauclt.exe
debugger
IFEOFILE

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wscntfy.exe
debugger
IFEOFILE

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sched.exe
debugger
IFEOFILE

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\safeboxTray.exe
debugger
IFEOFILE

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\runiep.exe
debugger
IFEOFILE

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rfwsrv.exe
debugger
IFEOFILE

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rfwproxy.exe
debugger
IFEOFILE

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rfwmain.exe
debugger
IFEOFILE

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RavmonD.exe
debugger
IFEOFILE

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Ravmon.exe
debugger
IFEOFILE

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Rav.exe
debugger
IFEOFILE

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nod32kui.exe
debugger
IFEOFILE

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nod32krn.exe
debugger
IFEOFILE

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kpfwsvc.exe
debugger
IFEOFILE

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kpfw32.exe
debugger
IFEOFILE

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kissvc.exe
debugger
IFEOFILE

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kav32.exe
debugger
IFEOFILE

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\guard.exe
debugger
IFEOFILE

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\CCenter.exe
debugger
IFEOFILE

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avp.exe
debugger
IFEOFILE

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avguard.exe
debugger
IFEOFILE

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avcenter.exe
debugger
IFEOFILE

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avast.exe
debugger
IFEOFILE

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360Tray.exe
debugger
IFEOFILE

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360safebox.exe
debugger
IFEOFILE

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360Safe.exe
debugger
IFEOFILE
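A Debugger value under Image File Execution Options makes Windows start the named debugger instead of the listed program, so entries like the ones above are worth auditing on any host. The following is an added detection example, not Sophos code: it parses a `.reg` export of the Image File Execution Options key and reports every image that has a Debugger string. The sample export is constructed, `WATCHED` is a subset of the process names on this page, and the "not an executable path" test is a heuristic assumed here.

```python
import re

IFEO = r"\Microsoft\Windows NT\CurrentVersion\Image File Execution Options" + "\\"
WATCHED = {"avp.exe", "wuauclt.exe", "wscntfy.exe", "nod32krn.exe", "360tray.exe"}  # subset of this page's list

# Constructed sample in .reg export format, not taken from a real host.
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avp.exe]
"Debugger"="IFEOFILE"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wuauclt.exe]
"debugger"="IFEOFILE"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\notepad.exe]
"Debugger"="\"C:\\Tools\\windbg.exe\" -g"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\explorer.exe]
"DisableExceptionChainValidation"=dword:00000000
'''

KEY_RE = re.compile(r"^\[(.+)\]\s*$")
VAL_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"\s*$')

def _unescape(s):
    return re.sub(r"\\(.)", r"\1", s)  # .reg strings escape \ and " with a backslash

def find_ifeo_debuggers(export_text):
    """Return {image name: debugger command} for each IFEO subkey with a Debugger string."""
    hits, image = {}, None
    for line in export_text.splitlines():
        key = KEY_RE.match(line)
        if key:
            pos = key.group(1).lower().find(IFEO.lower())
            tail = key.group(1)[pos + len(IFEO):] if pos != -1 else ""
            image = tail if tail and "\\" not in tail else None  # direct subkeys only
            continue
        val = VAL_RE.match(line)
        if val and image and _unescape(val.group(1)).lower() == "debugger":
            hits[image] = _unescape(val.group(2))  # value names are case-insensitive
    return hits

def triage(hits):
    """Map each image to the reasons its Debugger value deserves a closer look."""
    out = {}
    for image, dbg in hits.items():
        watched = ["security or update process"] if image.lower() in WATCHED else []
        bogus = [] if re.search(r"\.(exe|com|bat|cmd)\b", dbg, re.I) else ["debugger is not an executable path"]
        out[image] = watched + bogus
    return out

if __name__ == "__main__":  # real `reg export` files are UTF-16: open(p, encoding="utf-16")
    print(triage(find_ifeo_debuggers(SAMPLE_EXPORT)))
```

An image with an empty reason list (the `notepad.exe` entry in the sample) still has a debugger attached and should be confirmed as intentional.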
