Symptoms
Your computer might slow down, and several new programs will appear in Task Manager. Some adware-like activity (such as pop-ups in IE) might also appear. The Internet Explorer start page will be modified.
Removal instructions:
Please let BitDefender disinfect your files.
Analyzed By
Dragos Gavrilut, virus researcher
Technical Description:
Trojan.Fatobfus is an automatically obfuscated file that acts as a downloader. Most of the time, it downloads different versions of the Swizzor Trojan. A QHost Trojan is sometimes created as well. If it downloads the Swizzor Trojan, the following files might appear on your computer:
- files with random names (like 64a892.exe) in your temp directory (usually C:\Documents and Settings\Administrator\Local Settings\Temp)
- the Application Data directory may contain directories whose names consist of two or three words (like “time more” or “Tool meow bar”)
- the hosts file (%systemdir%\drivers\etc\hosts) is modified.
Also, some registry keys might be added to ensure that these processes run when Windows starts.
- HKLM\Software\Microsoft\Windows\CurrentVersion\Run will have an entry that runs one of the programs in the Application Data directory
- HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects will also have an entry that runs one of the programs in the Application Data directory (usually an adware component that runs with Internet Explorer)
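A triage sketch for the indicators listed above, as an added example (not BitDefender's code or signatures): it checks file paths and exported autorun entries against heuristics inferred from the description. The regexes, function names, the administrator profile path used for the samples, and the sample entries are constructed assumptions.

```python
import re
from pathlib import PureWindowsPath

# Heuristics inferred from the description above (assumptions, not vendor signatures).
HEX_EXE = re.compile(r"^[0-9a-f]{6,8}\.exe$")        # e.g. 64a892.exe
WORDY_DIR = re.compile(r"^[a-z]+( [a-z]+){1,2}$")     # two or three words
BINARY = re.compile(r'[a-z]:\\[^"]+?\.(?:exe|dll)', re.I)

RUN = r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run"
BHO = r"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects"
APPDATA = r"C:\Documents and Settings\Administrator\Application Data"

def classify(path):
    """Return the indicator a file path matches, or None."""
    parts = [p.lower() for p in PureWindowsPath(path).parts]
    if "temp" in parts[:-1] and HEX_EXE.match(parts[-1]):
        return "temp-random-exe"
    if "application data" in parts[:-1]:
        sub = parts.index("application data") + 1
        # The next component must be a directory, not the file itself.
        if sub < len(parts) - 1 and WORDY_DIR.match(parts[sub]):
            return "appdata-wordy-dir"
    return None

def suspicious_autoruns(entries):
    """entries: (key, name, command) tuples exported from the registry; for a
    BHO, command is the DLL path resolved from its CLSID. Returns the entries
    whose binary sits in a flagged location."""
    hits = []
    for key, name, command in entries:
        m = BINARY.search(command)  # drops surrounding quotes and arguments
        if m and classify(m.group(0)):
            hits.append((key, name, m.group(0)))
    return hits

# Constructed sample data (names and CLSID placeholder are made up).
SAMPLE = [
    (RUN, "tmb", '"' + APPDATA + r'\Tool meow bar\tmb.exe" -s'),
    (RUN, "ctfmon", r"C:\WINDOWS\system32\ctfmon.exe"),
    (BHO, "{CLSID-PLACEHOLDER}", APPDATA + r"\time more\tm.dll"),
    (RUN, "updater", APPDATA + r"\Vendor\updater.exe"),
]

if __name__ == "__main__":
    for hit in suspicious_autoruns(SAMPLE):
        print(hit)
```

A match is a lead for review rather than a verdict, since legitimate software can also use multi-word directory names under Application Data.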