Troj/Krotten-N is a Trojan for the Windows platform.
When first run, the Trojan will perform the following:
Change the start page for Internet Explorer
Disable the registry editor, control panel and Windows task manager
When the user logs on again, the Trojan will perform the following:
Delete files in the <Windows> and <Program Files> folders
Modify the system time
Troj/Krotten-N changes settings for Microsoft Internet Explorer, including the
Start Page, by modifying values under:
HKCU\Software\Microsoft\Internet Explorer\Main\
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\
HKCU\Software\Microsoft\Internet Explorer\Main\Start Page
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
The following registry entries are set, disabling the registry editor (regedit)
and the Windows task manager (taskmgr):
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System
DisableTaskMgr
1
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System
DisableRegistryTools
1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
DisableTaskMgr
1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
DisableRegistryTools
1
Registry entries are set as follows:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
Start_ShowRun
0
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced
Start_ShowRun
0
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
NoStartMenuPinnedList
1
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
NoStartMenuMFUprogramsList
1
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
NoStartMenuSubFolders
1
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
NoCommonGroups
1
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
NoSMMyPictures
1
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
NoStartMenuMyMusic
1
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
NoSMMyDocs
1
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
NoDesktop
1
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
NoActiveDesktop
1
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
NoViewOnDrive
1
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
NoControlPanel
1
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
NoDrives
414
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
NoRun
1
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
NoFind
1
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
NoFavoritesMenu
1
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
NoRecentDocsMenu
1
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
NoLogOff
1
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
NoClose
1
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
NoSaveSettings
1
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
NoUserNameInStartMenu
1
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
NoToolbarCustomize
1
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
NoThemesTab
1
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
NoSMHelp
1
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
NoPrinterTabs
1
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
NoPrinters
1
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
NoNetHood
1
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
NoManageMyComputerVerb
1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
NoStartMenuPinnedList
1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
NoStartMenuMFUprogramsList
1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
NoStartMenuSubFolders
1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
NoCommonGroups
1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
NoSMMyPictures
1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
NoStartMenuMyMusic
1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
NoSMMyDocs
1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
NoDesktop
1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
NoActiveDesktop
1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
NoViewOnDrive
1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
NoControlPanel
1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
NoDrives
414
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
NoRun
1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
NoFind
1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
NoFavoritesMenu
1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
NoRecentDocsMenu
1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
NoLogOff
1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
NoClose
1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
NoSaveSettings
1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
NoUserNameInStartMenu
1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
NoToolbarCustomize
1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
NoThemesTab
1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
NoSMHelp
1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
NoPrinterTabs
1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
NoPrinters
1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
NoNetHood
1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
NoManageMyComputerVerb
1
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\NonEnum
(20D04FE0-3AEA-1069-A2D8-08002B30309D)
1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum
(20D04FE0-3AEA-1069-A2D8-08002B30309D)
1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum
(450D8FBA-AD25-11D0-98A8-0800361B1103)
1
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System
NoDispCPL
1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
NoDispCPL
1
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Uninstall
NoAddRemovePrograms
1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Uninstall
NoAddRemovePrograms
1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Winlogon
LegalNoticeCaption
DANGER
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Winlogon
LegalNoticeText
<e-mail address omitted >
HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions
NoBrowserClose
1
HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions
NoNavButtons
1
HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions
NoSelectDownloadDir
1
HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions
NoBrowserContextMenu
1
HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions
NoBrowserOptions
1
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
LegalNoticeCaption
DANGER
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
LegalNoticeText
<e-mail omitted>
Registry entries are created under:
HKCU\Control Panel\desktop\
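
The following Python script is an added example, not part of the original description and not vendor code. It checks the text of a registry export (.reg format) for a subset of the values listed above. Keys and value names are compared case-insensitively, because the lists above spell the same key as both Policies\System and policies\system. The sample export is constructed and the function names are illustrative.

```python
import re

POL = r"Software\Microsoft\Windows\CurrentVersion\Policies"
# (hives, key, value name, data): a subset of the entries listed on this page.
INDICATORS = [
    (("HKCU", "HKLM"), POL + r"\System", "DisableTaskMgr", 1),
    (("HKCU", "HKLM"), POL + r"\System", "DisableRegistryTools", 1),
    (("HKCU", "HKLM"), POL + r"\Explorer", "NoControlPanel", 1),
    (("HKLM",), r"Software\Microsoft\Windows NT\CurrentVersion\Winlogon",
     "LegalNoticeCaption", "DANGER"),
]
HIVES = {"HKEY_CURRENT_USER": "HKCU", "HKEY_LOCAL_MACHINE": "HKLM"}

# Constructed sample export, not captured from an infected machine.
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=dword:00000001
"DisableRegistryTools"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"DisableRegistryTools"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"LegalNoticeCaption"="DANGER"
'''

def parse_reg(text):
    """Parse .reg text into {(hive, key_lower, name_lower): data}."""
    values, hive, key = {}, None, None
    for line in text.splitlines():
        line = line.strip()
        m = re.fullmatch(r"\[([^\\\]]+)\\?(.*)\]", line)
        if m:  # section header: [HIVE\sub\key]
            hive, key = HIVES.get(m.group(1).upper()), m.group(2).lower()
            continue
        m = re.fullmatch(r'"([^"]+)"=(dword:([0-9a-fA-F]{8})|"(.*)")', line)
        if m and hive:  # only REG_DWORD and plain string values are handled
            data = int(m.group(3), 16) if m.group(3) else m.group(4)
            values[(hive, key, m.group(1).lower())] = data
    return values

def find_tampering(text):
    """Return 'HIVE\\key\\name' for every listed indicator present in the export."""
    values = parse_reg(text)
    return [f"{hive}\\{key}\\{name}"
            for hives, key, name, data in INDICATORS for hive in hives
            if values.get((hive, key.lower(), name.lower())) == data]
```

Exports written by regedit in the "Version 5.00" format are UTF-16, so decode the file with encoding="utf-16" before passing its text to find_tampering.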