high
Summary
Summary
Action- More Information
| Affected operating systems | Windows |
|---|---|
| Characteristics |
|
| Detected by | All Sophos products |
Free virus scan
- Free virus, spyware, and adware scan
- Test your existing anti-virus protection
- Find threats your anti-virus missed
Action
- Summary
- Action
- More Information
Please follow the instructions for removing Trojans.
More Information
Troj/Harnig-Z is a Trojan for the Windows platform.
When first run Troj/Harnig-Z copies itself to <System>\winnt.exe.
The following registry entry is created to run winnt.exe on startup:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
ldr
<System>\winnt.exe
Troj/Harnig-Z also modifies the HOSTS file, appending the following mappings to deny access to security and anti-virus related websites:
1.2.3.4 trendmicro.com
1.2.3.4 rads.mcafee.com
1.2.3.4 customer.symantec.com
1.2.3.4 liveupdate.symantec.com
1.2.3.4 us.mcafee.com
1.2.3.4 updates.symantec.com
1.2.3.4 update.symantec.com
1.2.3.4 www.nai.com
1.2.3.4 nai.com
1.2.3.4 secure.nai.com
1.2.3.4 dispatch.mcafee.com
1.2.3.4 download.mcafee.com
1.2.3.4 www.my-etrust.com
1.2.3.4 my-etrust.com
1.2.3.4 mast.mcafee.com
1.2.3.4 ca.com
1.2.3.4 www.ca.com
1.2.3.4 networkassociates.com
1.2.3.4 www.networkassociates.com
1.2.3.4 avp.com
1.2.3.4 www.kaspersky.com
1.2.3.4 www.avp.com
1.2.3.4 kaspersky.com
1.2.3.4 www.f-secure.com
1.2.3.4 f-secure.com
1.2.3.4 viruslist.com
1.2.3.4 www.viruslist.com
1.2.3.4 liveupdate.symantecliveupdate.com
1.2.3.4 mcafee.com
1.2.3.4 www.mcafee.com
1.2.3.4 sophos.com
1.2.3.4 www.sophos.com
1.2.3.4 symantec.com
1.2.3.4 securityresponse.symantec.com
1.2.3.4 us.mcafee.com/root/
1.2.3.4 www.symantec.com
Troj/Harnig-Z also includes functionality to:
- inject code into NOTEPAD.EXE
- access a remote website via HTTP
|
