Sophos

Troj/Voken-A

Aliases
  • Trojan-Downloader.Win32.Small.any
  • Downloader-WD
  • trojan
Category
Type
What to do
Prevalence low high

Summary

 
Affected operating systems Windows
Characteristics
  • Installs itself in the registry
Included in our products from May 2005 (3.93)
Protection available since 14 March 2005 14:28:35 (GMT)
Detected by All Sophos products

Action

More Information

Troj/Voken-A is a downloader Trojan.

When first run, Troj/Voken-A will copy itself to the Windows folder as SVCHST.EXE. In order to run automatically each time a user logs in, Troj/Voken-A will set the following registry entry:

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
ws2_32
%WINDOWS%\svchst.exe

Troj/Voken-A will then attempt to download and run an executable file. At the time of writing, the downloaded file has been detected as Troj/Iyus-Fam since 3.87.

After the file has been downloaded, Troj/Voken-A will attempt to delete itself and the registry entry responsible for running it automatically.

Troj/Voken-A will attempt to suppress warning messages from the beta version of Microsoft AntiSpyware.

Troj/Voken-A will attempt to terminate the following anti-virus and security-related processes:

--------.EXE, -------.EXE, ------.EXE, _AVP32.EXE, _AVPCC.EXE, _AVPM.EXE, ACKWIN32.EXE, ALG.EXE, ANTI-TROJAN.EXE, APVXDWIN.EXE, ARMOR2NET.EXE, AUTODOWN.EXE, AVCONSOL.EXE, AVE32.EXE, AVGCTRL.EXE, AVKSERV.EXE, VNT.EXE, AVP.EXE, AVP32.EXE, AVPCC.EXE, AVPDOS32.EXE, AVPM.EXE, VPTC32.EXE, AVPUPD.EXE, AVSCHED32.EXE, AVWIN95.EXE, AVWUPD32.EXE, BLACKD.EXE, BLACKICE.EXE, CFIADMIN.EXE, CFIAUDIT.EXE, CFINET.EXE, FINET32.EXE, CLAW95.EXE, CLAW95CF.EXE, CLEANER.EXE, CLEANER3.EXE, DVP95.EXE, DVP95_0.EXE, ECENGINE.EXE, ESAFE.EXE, ESPWATCH.EXE, F- GNT95.EXE, F-PROT.EXE, F-PROT95.EXE, F-STOPW.EXE, FINDVIRU.EXE, FP- IN.EXE, FPROT.EXE, FRW.EXE, IAMAPP.EXE, IAMSERV.EXE, IBMASN.EXE, IBMAVSP.EXE, ICLOAD95.EXE, ICLOADNT.EXE, ICMON.EXE, ICSUPP95.EXE, ICSUPPNT.EXE, I ACE.EXE, IOMON98.EXE, JEDI.EXE, LOCKDOWN2000.EXE, LOOKOUT.EXE, LUALL.EXE, MOOLIVE.EXE, MPFTRAY.EXE, N32SCANW.EXE, NAVAPW32.EXE, NAVLU32.EXE, NAVNT.EXE, NAVW32.EXE, NAVWNT.EXE, NISUM.EXE, NMAIN.EXE, NORMIST.EXE, NPROTECT.EXE, NUPGRADE.EXE, NVC95.EXE, NVSVC32.EXE, PADMIN.EXE, PAVCL.EXE, PAVSCHED.EXE, PAVW.EXE, PCCWIN98.EXE, PCFWALLICON.EXE, PERSFW.EXE, RAV7.EXE, RAV7WIN.EXE, RESCUE.EXE, SAFEWEB.EXE, SAVSCAN.EXE, SCAN32.EXE, SCAN95.EXE, SCANPM.EXE, SCRSCAN.EXE, SERV95.EXE, SMC.EXE, SPHINX.EXE, SWEEP95.EXE, TBSCAN.EXE, TCA.EXE, TDS2-98.EXE, TDS2-NT.EXE, VET95.EXE, VETTRAY.EXE, W-----.EXE, WEBSCANX.EXE, WFINDV32.EXE, ZONEALARM.EXE

RSS|Atom
Get reports about the latest virus and spyware threats delivered to your computer