Summary

| Affected operating systems | Windows |
|---|---|
| Characteristics | |
| Included in our products from | June 2005 (3.94) |
| Protection available since | 7 March 2005 22:03:23 (GMT) |
| Last updated | 29 April 2005 13:44:50 (GMT) |
| Detected by | All Sophos products |
Action

Please follow the instructions for removing Trojans.
More Information
Troj/Mosuck-G is a backdoor Trojan.
Troj/Mosuck-G drops files in locations such as the following:
<Windows system folder>\1033\<machine name>\<random folder name>\svchost.exe
These files are also detected as Troj/Mosuck-G. The Trojan makes the following registry changes in order to run dropped files on startup:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
lk3h1
<path to dropped file>
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce
lk3h1
<path to dropped file> /RunOnce
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
lk3h1
<path to dropped file>
HKCR\exefile\Shell\open\command
<path to dropped file> "%1" %*
Troj/Mosuck-G may drop and run a clean file. This file is stored in the Windows folder with a filename starting with random characters followed by GENEPOOL3.EXE.
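As an added example (not Sophos code), the Python below checks a registry snapshot for the changes listed above: an autorun value whose data points at an svchost.exe outside the Windows system folder, and an exefile open command that differs from the Windows default of "%1" %*. The snapshot layout, the system folder path C:\Windows\System32, and the machine and folder names in the sample are assumptions constructed for illustration.

```python
import ntpath  # Windows path rules on any platform

# Autorun keys the description lists as modified.
AUTORUN_KEYS = (
    r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run",
    r"HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce",
    r"HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx",
)
EXE_OPEN_KEY = r"HKCR\exefile\Shell\open\command"
EXE_OPEN_DEFAULT = '"%1" %*'  # stock handler for launching .exe files


def exe_path(command):
    """Return the executable portion of a registry command line."""
    command = command.strip()
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    end = command.lower().find(".exe")  # unquoted: cut after first ".exe"
    return command[:end + 4] if end != -1 else command.split(" ", 1)[0]


def audit(snapshot, system_dir=r"C:\Windows\System32"):
    """snapshot: {key: {value_name: data}} -> list of (key, name, reason)."""
    findings = []
    expected = ntpath.normcase(system_dir)
    for key in AUTORUN_KEYS:
        for name, data in snapshot.get(key, {}).items():
            exe = exe_path(data)
            if (ntpath.basename(exe).lower() == "svchost.exe"
                    and ntpath.normcase(ntpath.dirname(exe)) != expected):
                findings.append((key, name, "svchost.exe outside system folder"))
    opener = snapshot.get(EXE_OPEN_KEY, {}).get("", EXE_OPEN_DEFAULT)
    if opener.strip() != EXE_OPEN_DEFAULT:
        findings.append((EXE_OPEN_KEY, "", "exefile open command replaced"))
    return findings


# Constructed snapshot: machine name PC01 and folder "abcd" are made up.
DROPPED = r"C:\Windows\System32\1033\PC01\abcd\svchost.exe"
SAMPLE = {
    AUTORUN_KEYS[0]: {"lk3h1": DROPPED,
                      "Updater": r'"C:\Program Files\App\app.exe" /tray'},
    AUTORUN_KEYS[1]: {"lk3h1": DROPPED + " /RunOnce"},
    EXE_OPEN_KEY: {"": DROPPED + ' "%1" %*'},
}

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

A replaced exefile open command means the dropped file runs whenever any .exe is launched, so that value should be restored to the default before the file is deleted.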
The Trojan may modify the system HOSTS file in order to prevent access to the following websites:
