Troj/Agent-RDY

Category: Viruses and Spyware
Protection available since: 14 Apr 2011 17:57:52 (GMT)
Type: Trojan
Last Updated: 14 Apr 2011 17:57:52 (GMT)
Prevalence: Small Number of Reports

Troj/Agent-RDY exhibits the following characteristics:

File Information

Size: 201K
SHA-1: 4faa2fc090d088f3ca862286981a25f3cc8269cb
MD5: 97b624253c97d07670b2ab349480e3ba
CRC-32: 0d0f7ed2
File type: application/x-ms-dos-executable
First seen: 2011-02-21

Other vendor detection

Avira: TR/Dropper.Gen
Kaspersky: Backdoor.Win32.VB.lti

Runtime Analysis

Copies Itself To
  • c:\Documents and Settings\test user\Local Settings\Temp\dmiy.exe
Dropped Files
  • C:\WINDOWS\system32\drivers\etc\hosts
  • C:\WINDOWS\system32\vs6vo.log
  • c:\Documents and Settings\test user\Local Settings\Temp\~DFD359.tmp
Modified Files
  • %SYSTEM%\drivers\etc\hosts
Registry Keys Created
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run
    iktc
    C:\DOCUME~1\support\LOCALS~1\Temp\dmiy.exe
Registry Keys Modified
  • HKLM\SYSTEM\CurrentControlSet\Services\wscsvc
    Start
    0x00000004
Processes Created
  • c:\docume~1\support\locals~1\temp\dmiy.exe
  • c:\windows\system32\cmd.exe
  • c:\windows\system32\net.exe
  • c:\windows\system32\net1.exe
  • c:\windows\system32\sc.exe
DNS Requests
  • down.installstorm.com