Troj/Drivol-A

Category: Viruses and Spyware
Type: Trojan
Prevalence: Small Number of Reports


Troj/Drivol-A is a Trojan for the Windows platform.

The Trojan downloads additional files from a remote site and then runs them.

When first run, Troj/Drivol-A copies itself to <System>\sbxtuh\fvek.exe and creates the file <System>\sbxtuh\jnklbxs.sys.

The following registry entry is created to run fvek.exe on startup:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
fvek
<System>\sbxtuh\fvek.exe

The file fvek.exe is registered as a new system driver service named "fveksbxtuh", with a display name of "fveksbxtuh" and a startup type of automatic, so that it is started automatically during system startup. Registry entries are created under:

HKLM\SYSTEM\CurrentControlSet\Services\fveksbxtuh\

The file fvek.exe is registered as a COM object, creating registry entries under:

HKCR\CLSID\{1E1C4E77-5792-B6E2-A8B3-1B54F6C75976}

Registry entries are set as follows:

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings
ProxyEnable
0
