(TR/Crypt.XPACK.Gen (Avira) Trojan Horse Generic12.BYMI (AVG))


  • Low internet bandwidth
  • High CPU usage

Removal instructions:

Please let BitDefender disinfect your files.

Analyzed By

Lutas Andrei Vlad, virus researcher

Technical Description:

Once executed, it will run svchost.exe, passing its own file name as a parameter, in order to be loaded by services.exe. It will then open the svchost process and overwrite part of its memory with its own code and data (this is why the svchost.exe process may be detected as Trojan.Injector.CZ in memory dumps). It then creates a remote thread in that process, which connects to various web sites, attempting to download other malware components.
Because the code runs inside svchost, certain firewalls may be bypassed. It may also create various .tmp files in the current folder, with names composed of hexadecimal digits (0 to 9 and A to F).
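The two observable traits described above (svchost.exe started by something other than services.exe, or with a command line that is not the usual `-k <service group>` form, and hex-named .tmp files in the working folder) can be turned into simple host-side detection checks. The following is an added example written for this page, not BitDefender's own tooling or any code from the malware; the process records and file names are constructed samples, and the "legitimate svchost command line" pattern is an assumption that normal service hosts are launched as `svchost.exe -k <group>` by services.exe. Hex-named .tmp files on their own are a weak indicator (installers and other tools produce them too), so the example reports them separately from the svchost finding rather than merging both into one verdict.

```python
import re

# Constructed sample process-creation records (e.g. what a Sysmon event 1
# or EDR process log would carry), NOT data from the original page:
# (image path, parent image path, command line)
SAMPLE_PROCESSES = [
    (r"C:\Windows\System32\svchost.exe", r"C:\Windows\System32\services.exe",
     "svchost.exe -k netsvcs"),
    (r"C:\Windows\System32\svchost.exe", r"C:\Users\victim\Downloads\dropper.exe",
     r"svchost.exe C:\Users\victim\Downloads\dropper.exe"),   # file name passed as argument
    (r"C:\Windows\System32\svchost.exe", r"C:\Windows\System32\services.exe",
     "svchost.exe -k LocalServiceNetworkRestricted -p"),
    (r"C:\Windows\explorer.exe", r"C:\Windows\System32\userinit.exe",
     "explorer.exe"),
]

# Constructed sample directory listing of the "current folder".
SAMPLE_FILES = ["readme.txt", "1A2B3C.tmp", "deadbeef.tmp", "setup.tmp", "4F.TMP", "notes.tmp.bak"]

# Assumption: a normally started service host has a command line of the
# form "svchost.exe -k <group> [...]". Anything else is worth a look.
LEGIT_SVCHOST_CMDLINE = re.compile(r"^\S*svchost\.exe\s+-k\s+\S+", re.IGNORECASE)

# Names built only from hexadecimal digits plus a .tmp extension.
# Windows file systems are case-insensitive, so lower-case hex is accepted too.
HEX_TMP_NAME = re.compile(r"^[0-9A-F]+\.tmp$", re.IGNORECASE)


def svchost_anomalies(image, parent, cmdline):
    """Return the list of reasons a svchost.exe start looks abnormal.

    An empty list means either the process is not svchost.exe at all or
    it was started the expected way (by services.exe, with "-k <group>").
    """
    reasons = []
    if not image.lower().endswith("\\svchost.exe"):
        return reasons
    if not parent.lower().endswith("\\services.exe"):
        reasons.append("parent is not services.exe")
    if not LEGIT_SVCHOST_CMDLINE.match(cmdline):
        reasons.append("command line lacks the usual '-k <group>' form")
    return reasons


def find_suspicious_svchost(records):
    """Filter process records down to (command line, reasons) for abnormal svchost starts."""
    hits = []
    for image, parent, cmdline in records:
        reasons = svchost_anomalies(image, parent, cmdline)
        if reasons:
            hits.append((cmdline, reasons))
    return hits


def find_hex_tmp_files(names):
    """Return file names that match the hex-digits-only .tmp naming pattern."""
    return [n for n in names if HEX_TMP_NAME.match(n)]


if __name__ == "__main__":
    for cmdline, reasons in find_suspicious_svchost(SAMPLE_PROCESSES):
        print(f"suspicious svchost start: {cmdline!r} -> {', '.join(reasons)}")
    for name in find_hex_tmp_files(SAMPLE_FILES):
        print(f"hex-named temp file (weak indicator): {name}")
```

In practice the svchost check is the stronger of the two: a service host whose parent is not services.exe, or whose argument is a file path rather than a service group, is rarely legitimate, whereas the hex-named .tmp files should only raise confidence once the process anomaly has already been seen on the same host.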