high
Summary
Summary
Action- More Information
| Affected operating systems | Windows |
|---|---|
| Characteristics |
|
| Included in our products from | December 2005 (4.00) |
| Protection available since | 26 October 2005 08:04:21 (GMT) |
| Detected by | All Sophos products |
Action
- Summary
- Action
- More Information
Please follow the instructions for removing Trojans.
More Information
Troj/Multidr-ER is a Trojan for the Windows platform.
Troj/Multidr-ER includes functionality to access the internet and communicate
with a remote server via HTTP.
When Troj/Multidr-ER is installed the following files are created:
\DelUS.bat
<Windows>\EliteToolBar\EliteToolBar version 60.dll
<System>\elitelsj32.exe
The file elitelsj32.exe is detected as Troj/StartPa-FK and "EliteToolBar version
60.dll" is an AdWare application.
The following registry entry is created to run elitelsj32.exe on startup:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
checkrun
<System>\elitelsj32.exe
The file "EliteToolBar version 60.dll" is registered as a COM object, toolbar and
Browser Helper Object (BHO) for Microsoft Internet Explorer, creating registry
entries under:
HKCU\Software\Microsoft\Internet
Explorer\Toolbar\WebBrowser\(825CF5BD-8862-4430-B771-0C15C5CA8DEF)
HKLM\SOFTWARE\Microsoft\Internet
Explorer\Toolbar\(825CF5BD-8862-4430-B771-0C15C5CA8DEF)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper
Objects\(28CAEFF3-0F18-4036-B504-51D73BD81ABC)
HKCR\CLSID\(28CAEFF3-0F18-4036-B504-51D73BD81ABC)
HKCR\CLSID\(825CF5BD-8862-4430-B771-0C15C5CA8DEF)
Registry entries are created under:
HKCU\Software\LQ\
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\EliteBar Internet
Explorer Toolbar\
HKLM\SOFTWARE\Elitum\EliteToolBar\
|
