Sophos

Troj/Podrop-C

Aliases
  • Trojan-Dropper.Win32.Juntador.e
  • MultiDropper-BN

Summary

Affected operating systems Windows
Characteristics
  • Drops more malware
  • Installs itself in the registry
Protection available since 18 November 2005 03:13:17 (GMT)
Detected by All Sophos products
  • Endpoint Security and Control 9.0
  • Small business solutions 4.0

More Information

Troj/Podrop-C is a dropper Trojan for the Windows platform.

Troj/Podrop-C installs adware, other malware and legitimate application files on the infected computer.

Troj/Podrop-C installs an adware application, creating the following files:

<Program Files>\Media Access\Info.txt
<Program Files>\Media Access\MediaAccC.dll
<Program Files>\Media Access\MediaAccK.exe
<Program Files>\Media Access\MediaAccess.exe
<Windows temp folder>\win.exe

Troj/Podrop-C creates the following malicious files:

<Windows system folder>\nub-san.exe or xpjava.exe - detected by Sophos as W32/Rbot-Fam
<Windows system folder>\msdirectx.sys - detected by Sophos as Troj/NtRootK-F

Troj/Podrop-C creates the following clean or legitimate application files:

<Windows system folder>\ide21201.vxd

The following registry entries are created to run MediaAccK.exe and win.exe on startup:

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
win.exe
<Windows temp folder>\win.exe

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Media Access
<Program Files>\Media Access\MediaAccK.exe

The file MediaAccess.exe is registered as a COM object, creating registry entries under:

HKCR\CLSID\{1E5F0D38-214B-4085-AD2A-D2290E6A2D2C}
HKCR\Interface\{00ADA225-EA6C-4FB3-82E8-68189201CCB9}
HKCR\MediaAccess.Installer\
HKCR\TypeLib\{15696AE2-6EA4-47F4-BEA6-A3D32693EFC7}

Registry entries are created under:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Media Access\
HKLM\SOFTWARE\Media Access\

Troj/Podrop-C provides an uninstall option which can be accessed via the Add or Remove Programs dialog in the Windows Control Panel. The software is listed as "Media Access". This uninstaller belongs to the Media Access adware component only; it should not be relied on to remove the W32/Rbot-Fam or Troj/NtRootK-F files the dropper also installs, which need to be cleaned separately.
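The registry artefacts listed above are what an analyst checks for in a registry export taken from a suspect machine (for example with regedit or `reg export`). The following Python is an added example, not Sophos code: it parses a .reg text export and reports every key or Run value that matches one of the entries on this page. Regedit writes GUID keys in braces, so the CLSID, Interface and TypeLib keys are matched in that form. The sample export is constructed for illustration; the `C:\DOCUME~1\user\LOCALS~1\Temp` path is an assumption standing in for `<Windows temp folder>`, and the ctfmon and Shortcut entries are benign controls.

```python
"""Offline check of a Windows .reg export for the Troj/Podrop-C registry artefacts."""
import re
from typing import Dict, List, NamedTuple, Optional

# Keys named on this page, matched as prefixes so that subkeys such as
# ...\LocalServer32 are reported too.  regedit writes GUID keys in braces.
IOC_KEY_PREFIXES = {
    r"HKEY_CLASSES_ROOT\CLSID\{1E5F0D38-214B-4085-AD2A-D2290E6A2D2C}": "MediaAccess.exe COM class",
    r"HKEY_CLASSES_ROOT\Interface\{00ADA225-EA6C-4FB3-82E8-68189201CCB9}": "MediaAccess.exe COM interface",
    r"HKEY_CLASSES_ROOT\MediaAccess.Installer": "MediaAccess.Installer ProgID",
    r"HKEY_CLASSES_ROOT\TypeLib\{15696AE2-6EA4-47F4-BEA6-A3D32693EFC7}": "MediaAccess.exe type library",
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Media Access": "Media Access uninstall entry",
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Media Access": "Media Access settings key",
}
RUN_KEYS = {
    r"hkey_current_user\software\microsoft\windows\currentversion\run",
    r"hkey_local_machine\software\microsoft\windows\currentversion\run",
}
# Run entries from the page: the value names used and the files they launch.
IOC_RUN_VALUE_NAMES = {"win.exe", "media access"}
IOC_RUN_FILES = {"win.exe", "mediaacck.exe"}

class Finding(NamedTuple):
    description: str
    key: str
    value_name: Optional[str]   # None for a key-level match
    data: Optional[str]

_KEY_RE = re.compile(r"^\[(-?)(.+)\]$")
_VALUE_RE = re.compile(r'^(?:"((?:[^"\\]|\\.)*)"|@)=(.*)$')

def _unescape(s: str) -> str:
    """Undo the escaping regedit applies inside quoted REG_SZ strings."""
    return s.replace("\\\\", "\\").replace('\\"', '"')

def parse_reg_export(text: str) -> Dict[str, Dict[Optional[str], str]]:
    """Parse REGEDIT4 / 'Windows Registry Editor Version 5.00' text into
    {key: {value name (None = default): data}}.  Quoted REG_SZ data is unescaped;
    other types stay raw and hex continuation lines are skipped (not needed here)."""
    keys: Dict[str, Dict[Optional[str], str]] = {}
    current: Optional[str] = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";") or line.startswith("Windows Registry Editor") or line == "REGEDIT4":
            continue
        m = _KEY_RE.match(line)
        if m:
            # "[-HKEY_...]" is a deletion directive and carries no values
            current = None if m.group(1) == "-" else m.group(2)
            if current is not None:
                keys.setdefault(current, {})
            continue
        m = _VALUE_RE.match(line)
        if current is None or not m:
            continue
        name = _unescape(m.group(1)) if m.group(1) is not None else None
        data = m.group(2)
        if len(data) >= 2 and data[0] == '"' and data[-1] == '"':
            data = _unescape(data[1:-1])
        keys[current][name] = data
    return keys

def scan_reg_export(text: str) -> List[Finding]:
    """Return every key or Run value in the export that matches a Podrop-C artefact."""
    findings: List[Finding] = []
    for key, values in parse_reg_export(text).items():
        key_l = key.lower()
        for prefix, desc in IOC_KEY_PREFIXES.items():
            p = prefix.lower()
            if key_l == p or key_l.startswith(p + "\\"):
                findings.append(Finding(desc, key, None, None))
                break
        if key_l in RUN_KEYS:
            for name, data in values.items():
                exe = data.lower().split("\\")[-1]   # file the Run value launches
                if name is not None and (name.lower() in IOC_RUN_VALUE_NAMES or exe in IOC_RUN_FILES):
                    findings.append(Finding("startup entry for " + exe, key, name, data))
    return findings

# Constructed sample export (not from a real infection).  The DOCUME~1 Temp path
# is an assumption standing in for the page's <Windows temp folder>; the ctfmon
# and Shortcut entries are benign controls that must not be reported.
SAMPLE_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"win.exe"="C:\\DOCUME~1\\user\\LOCALS~1\\Temp\\win.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Media Access"="C:\\Program Files\\Media Access\\MediaAccK.exe"

[HKEY_CLASSES_ROOT\CLSID\{1E5F0D38-214B-4085-AD2A-D2290E6A2D2C}\LocalServer32]
@="C:\\Program Files\\Media Access\\MediaAccess.exe"

[HKEY_CLASSES_ROOT\CLSID\{00021401-0000-0000-C000-000000000046}]
@="Shortcut"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Media Access]
"DisplayName"="Media Access"
"""
```

Calling `scan_reg_export(SAMPLE_EXPORT)` returns four findings: the two Run values, the CLSID subkey and the Uninstall key; the ctfmon and Shortcut entries are ignored. When reading a real export from disk, note that regedit and `reg export` write the Version 5.00 format as UTF-16 LE with a BOM, so open the file with `encoding="utf-16"` before passing its text in. Matching on both the Run value name and the launched file name means a renamed value that still points at win.exe or MediaAccK.exe is caught as well.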
