Trojan.Fotomoto.A

VERY HIGH
LOW
~122KB

Symptoms

Presence of a key named "DomaineService" in "HKLM\Sytem\CurentControlSet\Services\Run"
Presence of a process with a random name whose PID (Process ID) changes every second (the process restarts itself often)

Removal instructions:

Please let BitDefender disinfect your files.

Analyzed By

Sorin Ciorceri, virus researcher

Technical Description:

Trojan.Fotomoto.A is a trojan with adware functionality. When installed, this version performs the following actions:

a) It connects to an Internet server and reports some basic information about the infected computer, then receives information from the server that is stored in a database on that server. That information includes the date when the computer was added to the database and other data not yet identified.

b) It modifies the following registry entry:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\"SFCDisable" = "4"

c) It modifies the following registry entry:
HKEY_LOCAL_MACHINE\Sytem\CurentControlSet\Services\Run\"DomaineService" = path to trojan
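
A read-only check for the indicators listed above, as an added example that is not part of the original description or BitDefender's tooling. The function names, the sampling parameters and the single-instance restart heuristic are assumptions; the registry paths are used exactly as written on this page.

```powershell
# Added example, read-only. Registry paths are copied exactly as this page spells them.
$indicators = @(
    @{ Path = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
       Name = 'SFCDisable';     Bad = '4' },
    @{ Path = 'HKLM:\Sytem\CurentControlSet\Services\Run'
       Name = 'DomaineService'; Bad = $null }   # $null: any value present is a hit
)

function Test-RegistryIndicator {
    param([string]$Path, [string]$Name, $Bad)
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { return }              # key or value absent: no hit
    $value = $item.$Name
    # Compare as strings so a DWORD 4 and a string "4" both match.
    if ($null -eq $Bad -or "$value" -eq "$Bad") {
        [pscustomobject]@{ Indicator = "$Path\$Name"; Value = $value }
    }
}

function Find-RespawningProcess {
    # Heuristic (assumption): a name that runs as a single instance and keeps
    # showing a new PID between samples is being restarted repeatedly.
    param([int]$Samples = 10, [int]$IntervalMs = 1000, [int]$MinRestarts = 3)
    $restarts = @{}
    $previous = @{}
    for ($i = 0; $i -lt $Samples; $i++) {
        $current = @{}
        Get-Process | Group-Object ProcessName | Where-Object Count -eq 1 |
            ForEach-Object { $current[$_.Name] = $_.Group[0].Id }
        foreach ($name in $current.Keys) {
            if ($previous.ContainsKey($name) -and $previous[$name] -ne $current[$name]) {
                $restarts[$name] = 1 + [int]$restarts[$name]
            }
        }
        $previous = $current
        Start-Sleep -Milliseconds $IntervalMs
    }
    $restarts.GetEnumerator() | Where-Object { $_.Value -ge $MinRestarts } |
        ForEach-Object { [pscustomobject]@{ ProcessName = $_.Key; Restarts = $_.Value } }
}

foreach ($indicator in $indicators) { Test-RegistryIndicator @indicator }
Find-RespawningProcess
```

No output means none of the indicators were found during the sampling window; short-lived legitimate helper processes can also trip the restart heuristic, so treat a hit there as a lead to confirm against the registry results.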