high
Summary
Summary
Action- More Information
| Affected operating systems | Windows |
|---|---|
| Characteristics |
|
| Included in our products from | November 2005 (3.99) |
| Protection available since | 15 September 2005 22:38:19 (GMT) |
| Detected by | All Sophos products |
Action
- Summary
- Action
- More Information
Please contact technical support.
More Information
Troj/Kagen-A is a Trojan for the Windows platform.
When run, Troj/Kagen-A copies itself to the current user's temporary folder as ~wrl00032.tmp and to the Windows system folder as ccApps.exe. The Trojan also creates and then opens the file kangen.doc which contains a message in Indonesian.
Troj/Kagen-A uses a program icon similar to that used by Microsoft Word documents. Troj/Kagen-A is a Trojan for the Windows platform.
When run, Troj/Kagen-A copies itself to the current user's temporary folder as ~wrl00032.tmp and to the Windows system folder as ccApps.exe. The Trojan also creates and then opens the file kangen.doc which contains a message in Indonesian.
Troj/Kagen-A uses a program icon similar to that used by Microsoft Word documents.
The Trojan creates the following registry entries:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
LoadService
"Maaf, tempatmu bukan di sini"
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
SymRun
"<System>\ccApps.exe"
Troj/Kagen-A also attempts to disable registry editing tools by setting the following registry entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System
DisableRegistryTools
dword:00000001
|
