Trojan.Downloader.Stration.F (Email-Worm.Win32.Warezov, Trojan-Downloader:W32/Warezov, W32.Stration)
SYMPTOMS:
- The presence of the following file: %WINDIR%\sqhos32.wmf
- The presence of the following registry key: HKLM\Software\Microsoft\Windows\CurrentVersion\Run: "lre"="%path_to_trojan%"
- A process named 'module.exe' running

TECHNICAL DESCRIPTION:
The trojan creates a file named sqhos32.wmf in the %WINDIR% folder; this file contains some data the trojan uses. It then creates the following registry key in order to execute itself at each system startup:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run: "lre"="%path_to_trojan%"

The trojan tries to download a file named 'module.exe' from http://eased{...}.com/et.exe. When the link becomes available, it will execute the downloaded file, delete the startup registry key and mark itself for deletion at the next system startup.

Removal instructions: Please let BitDefender delete this trojan.

ANALYZED BY: Marius Botis, virus researcher
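
A triage check for the symptoms listed above, as an added example that is not part of the original write-up or any BitDefender tool. The file name, Run value name and process name come from the description; the function name Get-StrationFIndicator and the WOW6432Node key are assumptions added here.

```powershell
# Added triage example. Indicator values come from the description above.
$DataFile = Join-Path $env:WINDIR 'sqhos32.wmf'
$RunValue = 'lre'
$RunKeys  = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    # Assumption (not stated on the page): on 64-bit Windows a 32-bit process
    # writing the key above is redirected to the WOW6432Node view.
    'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run'
)

function Get-StrationFIndicator {
    # Collect the "lre" autorun value from every Run key view that has it.
    $runHits = @(foreach ($key in $RunKeys) {
        $item = Get-ItemProperty -Path $key -Name $RunValue -ErrorAction SilentlyContinue
        if ($item) { [pscustomobject]@{ Key = $key; Target = $item.$RunValue } }
    })

    # Get-Process matches on the image name without the .exe extension.
    # A process name alone is a weak signal; review the Path column.
    $procs = @(Get-Process -Name 'module' -ErrorAction SilentlyContinue)
    $fileFound = Test-Path -LiteralPath $DataFile

    # The trojan deletes its Run value once the download succeeds, so a
    # missing Run value does not clear the host if other symptoms remain.
    if ($runHits.Count -gt 0) {
        $stage = 'Run value present: downloader is persistent'
    } elseif ($fileFound -or $procs.Count -gt 0) {
        $stage = 'Run value absent but other symptoms present: consistent with a completed download'
    } else {
        $stage = 'None of the listed symptoms found'
    }

    [pscustomobject]@{
        DataFile      = $DataFile
        DataFileFound = $fileFound
        RunEntries    = $runHits
        Processes     = $procs | Select-Object Id, Path
        Assessment    = $stage
    }
}

Get-StrationFIndicator | Format-List
```

Run it from an elevated PowerShell prompt so that the Path of processes owned by other users can be read.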