Troj/Buzus-AY

Category: Viruses and SpywareProtection available since:01 Sep 2009 10:03:09 (GMT)
Type: TrojanLast Updated:01 Sep 2009 10:03:09 (GMT)
Prevalence: Small Number of Reports

Download Download our free Virus Removal Tool - Find and remove threats your antivirus missed

Troj/Buzus-AY is a Trojan for the Windows platform.

When the Troj/Buzus-AY is installed the following detected files are created:

<Temp>\bot.exe
<Temp>\Kh06.exe
<System>\msconf.exe

The following registry entries are created to run msconf.exe on startup:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
msconfig.
msconf.exe

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
msconfig.
msconf.exe

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
msconfig.
msconf.exe

Registry entries are set as follows:

HKLM\SOFTWARE\Microsoft\Ole
EnableDCOM
N

HKLM\SYSTEM\CurrentControlSet\Control\Lsa
restrictanonymous
0x00000001