Trojan.Downloader.Stration.F

MEDIUM
MEDIUM
11 kbytes (packed)
(Email-Worm.Win32.Warezov, Trojan-Downloader:W32/Warezov, W32.Stration)

Symptoms

- The presence of the following file: %WINDIR%\sqhos32.wmf
- The presence of the following registry key:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run: "lre"="%path_to_trojan%"

- A process named 'module.exe' running

Removal instructions:

Please let BitDefender delete this trojan.

Analyzed By

Marius Botis, virus researcher

Technical Description:

The trojan creates a file named sqhos32.wmf in the %WINDIR% folder; the file contains data the trojan uses. It then creates the following registry key in order to execute itself at each system startup:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run: "lre"="%path_to_trojan%"

The trojan tries to download a file named 'module.exe' from http://eased{...}.com/et.exe.

When the link becomes available, it will execute the downloaded file, delete the startup registry key and mark itself for deletion at the next system startup.
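
A host check for the three symptoms listed on this page, given here as an added example (it is not BitDefender's code). It assumes PowerShell 3.0 or later on the suspect machine; the function name and the Wow6432Node path are additions for illustration and do not come from the write-up.

```powershell
# Added example: report which Stration.F symptoms are present on this host.
function Test-StrationFIndicators {
    $findings = @()

    # 1. Data file the trojan drops in %WINDIR%
    $dataFile = Join-Path $env:WINDIR 'sqhos32.wmf'
    if (Test-Path -LiteralPath $dataFile) {
        $findings += [pscustomobject]@{ Indicator = 'File'; Detail = $dataFile }
    }

    # 2. "lre" value under the HKLM Run key. The Wow6432Node view is an
    #    assumption added here: a 32-bit process on 64-bit Windows is
    #    redirected to it when writing under HKLM\Software.
    $runKeys = @(
        'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
        'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run'
    )
    foreach ($key in $runKeys) {
        $prop = Get-ItemProperty -Path $key -Name 'lre' -ErrorAction SilentlyContinue
        if ($prop) {
            $findings += [pscustomobject]@{
                Indicator = 'RunValue'
                Detail    = "$key -> $($prop.lre)"
            }
        }
    }

    # 3. Running process named module.exe (Get-Process takes the name
    #    without the extension). The path is reported so it can be reviewed.
    foreach ($proc in Get-Process -Name 'module' -ErrorAction SilentlyContinue) {
        $findings += [pscustomobject]@{
            Indicator = 'Process'
            Detail    = "PID $($proc.Id) $($proc.Path)"
        }
    }

    $findings
}

$hits = Test-StrationFIndicators
if ($hits) { $hits | Format-Table -AutoSize } else { 'No Stration.F symptoms found.' }
```

Because the trojan deletes its Run entry once the download succeeds, the absence of a RunValue finding does not clear a host. A process match is based on the name alone, so review the reported path before acting on it.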