W32/Trite-A

Category: Viruses and Spyware
Protection available since: 02 Apr 2010 08:21:13 (GMT)
Type: Win32 worm
Last Updated: 02 Apr 2010 08:21:13 (GMT)
Prevalence: Small Number of Reports

W32/Trite-A is a worm for the Windows platform.

When W32/Trite-A is installed, it copies itself to:

<Program Files>\Analog Devices\SoundMAX\adminchkWindows5.00.2195.1620.exe
<Common Files>\InstallShield\engine\6\Intel 32\objectpsILOG.exe
<Common Files>\Microsoft Shared\MSInfo\Operatingmsinfo32.exe
<Common Files>\Microsoft Shared\Speech\OperatingSAPI5.exe
<Common Files>\Microsoft Shared\Triedit\TRIEDITTRIEDIT.exe
<Common Files>\System\ado\DataMSADOMD2.70.7713.0.exe

The following registry entries are created to run adminchkWindows5.00.2195.1620.exe, objectpsILOG.exe, Operatingmsinfo32.exe, OperatingSAPI5.exe, TRIEDITTRIEDIT.exe and DataMSADOMD2.70.7713.0.exe on startup:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
SAPISVR5SAPISVR5
<Common Files>\microsoft shared\speech\operatingsapi5.exe

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
msinfo32msinfo325.1.2600.0.0108171148
<Common Files>\microsoft shared\msinfo\operatingmsinfo32.exe

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
ComponentTRIEDIT
<Common Files>\microsoft shared\triedit\triedittriedit.exe

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
msader15ADOR15
<Common Files>\system\ado\datamsadomd2.70.7713.0.exe

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Audio3Dadminchk
<Program Files>\analog devices\soundmax\adminchkwindows5.00.2195.1620.exe

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
ObjectKernel
<Common Files>\installshield\engine\6\intel 32\objectpsilog.exe