Troj/Kagen-A

Category: Viruses and Spyware
Type: Trojan
Prevalence: Small Number of Reports

Download Download our free Virus Removal Tool - Find and remove threats your antivirus missed

Troj/Kagen-A is a Trojan for the Windows platform.

When run, Troj/Kagen-A copies itself to the current user's temporary folder as ~wrl00032.tmp and to the Windows system folder as ccApps.exe. The Trojan also creates and then opens the file kangen.doc which contains a message in Indonesian.

Troj/Kagen-A uses a program icon similar to that used by Microsoft Word documents. Troj/Kagen-A is a Trojan for the Windows platform.

When run, Troj/Kagen-A copies itself to the current user's temporary folder as ~wrl00032.tmp and to the Windows system folder as ccApps.exe. The Trojan also creates and then opens the file kangen.doc which contains a message in Indonesian.

Troj/Kagen-A uses a program icon similar to that used by Microsoft Word documents.

The Trojan creates the following registry entries:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
LoadService
"Maaf, tempatmu bukan di sini"

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
SymRun
"<System>\ccApps.exe"

Troj/Kagen-A also attempts to disable registry editing tools by setting the following registry entry:

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System
DisableRegistryTools
dword:00000001