Troj/Cycbot-O

Category: Viruses and SpywareProtection available since:21 Oct 2011 11:42:31 (GMT)
Type: TrojanLast Updated:21 Oct 2011 11:42:31 (GMT)
Prevalence: Small Number of Reports

Download Download our free Virus Removal Tool - Find and remove threats your antivirus missed

Troj/Cycbot-O exhibits the following characteristics:

Runtime Analysis

Copies Itself To
  • C:\Program Files\LP\F01D\F76.exe
Dropped Files
  • C:\Program Files\LP\F01D\2.tmp
  • c:\Documents and Settings\test user\Application Data\DA1A3\337E.A1A
Registry Keys Created
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    F76.exe
    C:\Program Files\LP\F01D\F76.exe
  • HKCU\Software\WinRAR
    HWID
    7b 42 46 42 32 35 43 42 35 2d 39 35 41 33 2d 34 33 39 34 2d 39 30 36 46 2d 34 31 37 33 30 32 44 41 39 41 42 34 7d
Processes Created
  • c:\program files\lp\f01d\2.tmp
  • c:\windows\system32\msiexec.exe
HTTP Requests
  • http://crl.microsoft.com/pki/crl/products/CSPCA.crl
  • http://crl.verisign.com/pca3-g2.crl
  • http://csc3-2009-crl.verisign.com/CSC3-2009.crl
DNS Requests
  • crl.microsoft.com
  • crl.verisign.com
  • csc3-2009-crl.verisign.com
  • ourdatatransfers.com