Sophos

Troj/Wintrim-D


Summary

 
Affected operating systems: Windows
Protection available since: 19 January 2005 13:37:33 (GMT)
Detected by: All Sophos products

More Information

Troj/Wintrim-D is a downloader/updater DLL which exports functionality to download an executable file from a remote location and then execute it.

On computers that use a dial-up modem, Troj/Wintrim-D is capable of initiating a new dial-up connection to the internet.

Troj/Wintrim-D typically downloads a remote executable to the Windows folder with the filename Wintrim.exe or Wintrims.exe.

Troj/Wintrim-D is commonly installed to the Windows system folder with the filename EGHTMLDialer.DLL and is registered as a COM object, creating registry entries under:

HKCR\CLSID\(B843DA96-2B2D-447E-90AB-B92929AA11AF)
HKCR\EGHTMLDialer.HTMLDialer\
HKCR\EGHTMLDialer.HTMLDialer.1\
HKCR\Interface\(62BFAEC2-82A5-4117-A98B-FEA89413D924)
HKCR\Interface\(81C2F7F3-F930-455E-9AA5-0876D387C787)
HKCR\TypeLib\(7699AEF9-F83A-44FA-B374-AA02CEDF247D)

Troj/Wintrim-D may try to terminate the following processes:

AGENTW.EXE
BLACKICE.EXE
PERSFW.EXE
SMC.EXE
SYMPROXYSVC.EXE
ZONEALARM.EXE
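
A triage check built from the file names and COM registry keys listed above, as an added example that is not Sophos's code: it matches a host's exported registry-key and file listings against them. The input format, the hive aliases and the folding of `{GUID}` to the page's `(GUID)` notation are assumptions, and the sample inventory is constructed.

```python
import ntpath

# Indicators from the description above (GUIDs in the page's notation, trailing "\" dropped).
REG_KEYS = [
    r"HKCR\CLSID\(B843DA96-2B2D-447E-90AB-B92929AA11AF)",
    r"HKCR\EGHTMLDialer.HTMLDialer",
    r"HKCR\EGHTMLDialer.HTMLDialer.1",
    r"HKCR\Interface\(62BFAEC2-82A5-4117-A98B-FEA89413D924)",
    r"HKCR\Interface\(81C2F7F3-F930-455E-9AA5-0876D387C787)",
    r"HKCR\TypeLib\(7699AEF9-F83A-44FA-B374-AA02CEDF247D)",
]
FILE_NAMES = {"eghtmldialer.dll", "wintrim.exe", "wintrims.exe"}

# Assumption: the export may spell the hive in full or through HKLM\Software\Classes.
HIVE_ALIASES = ("hkey_classes_root\\", "hkey_local_machine\\software\\classes\\",
                "hklm\\software\\classes\\")
BRACES_TO_PARENS = str.maketrans("{}", "()")

def norm_key(path):
    """Lower-case the path, fold hive aliases to HKCR and fold {GUID} to (GUID)."""
    p = path.strip().rstrip("\\").lower()
    for alias in HIVE_ALIASES:
        if p.startswith(alias):
            p = "hkcr\\" + p[len(alias):]
    return p.translate(BRACES_TO_PARENS)

def scan(reg_paths, file_paths):
    """Return (kind, indicator, observed_path) for each inventory line that matches."""
    hits = []
    for raw in reg_paths:
        key = norm_key(raw)
        for indicator in REG_KEYS:
            ind = norm_key(indicator)
            # Match the key itself or any subkey, never a longer sibling name.
            if key == ind or key.startswith(ind + "\\"):
                hits.append(("registry", indicator, raw))
    for raw in file_paths:
        name = ntpath.basename(raw.strip())
        if name.lower() in FILE_NAMES:
            hits.append(("file", name, raw))
    return hits

# Constructed sample inventory, not taken from a real host.
SAMPLE_REG = [
    r"HKEY_CLASSES_ROOT\CLSID\{B843DA96-2B2D-447E-90AB-B92929AA11AF}\InprocServer32",
    r"HKEY_CLASSES_ROOT\EGHTMLDialer.HTMLDialer.1",
    r"HKEY_CLASSES_ROOT\CLSID\{00000000-0000-0000-0000-000000000000}",
]
SAMPLE_FILES = [r"C:\WINDOWS\system32\EGHTMLDialer.DLL", r"C:\WINDOWS\Wintrims.exe",
                r"C:\WINDOWS\notepad.exe"]
```

A file-name or key match is a lead for further inspection rather than a verdict, since the check compares names only and does not look at file contents.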
