Sophos

Troj/Witna-A

Aliases
  • Trojan-Dropper.Win32.Small.tn
Category
Type
What to do
Prevalence low high

Summary

 
Affected operating systems Windows
Protection available since 23 April 2005 17:09:51 (GMT)
Detected by All Sophos products
Download Free virus scan
Download the Threat Detection Test
  • Free virus, spyware, and adware scan
  • Test your existing anti-virus protection
  • Find threats your anti-virus missed

Action

More Information

Troj/Witna-A is a Trojan for the Windows platform. The Trojan hooks into Internet Explorer as a Browser Helper Object and may download further files.

The Trojan sets the following registry entries:

HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\SW
DisplayName
Shopping Wizard

HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\SW
UninstallString
rundll32 url.dll,FileProtocolHandler <URL>

HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\SE
DisplayName
Search Extender

HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\SE
UninstallString
rundll32 url.dll,FileProtocolHandler <URL>

HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\HSA
DisplayName
Home Search Assistent

HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\HSA
UninstallString
rundll32 url.dll,FileProtocolHandler <URL>

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\
Browser Helper Objects\(B36BE120-95DE-5F02-4335-36B4124FB086)

HKLM\Software\Microsoft\Internet Explorer\URLSearchHooks
(B36BE120-95DE-5F02-4335-36B4124FB086)

HKCR\CLSID\(B36BE120-95DE-5F02-4335-36B4124FB086)
<several entries>

RSS|Atom
Get reports about the latest virus and spyware threats delivered to your computer