BitDefender Antivirus

Trojan.Buzus.CV

( Trojan.Win32.Buzus.auer, Win32/CeeInject.gen!A )
Spreading: medium
Damage: medium
Size: 50kb
Discovered: 2009 Apr 10

SYMPTOMS:

Computer activity slows down
Presence of a hidden process in system folder.

TECHNICAL DESCRIPTION:

Once executed, the file starts a new process with the same name. It injects an executable into that process's memory and then drops it into the system folder as netmon.exe. In order to ensure that it is executed every time the system starts up, it creates a registry entry under HKLM\SOFTWARE\Microsoft\CurrentVersion\Run whose value is the executable file that was dropped into the system folder.

Netmon.exe drops a driver called sysdrv32.sys into the %system%\drivers folder and registers it as a service. For spreading, it scans for removable drives and copies itself onto them, where it is executed by means of an autorun.inf file.

To protect itself, it is hidden from user mode.
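
The artefacts named above (netmon.exe in the system folder, sysdrv32.sys under drivers, an autorun.inf on removable drives) can be checked for on a mounted or offline copy of the disk, which matters because the description says the malware is hidden from user mode. The following Python is an added example, not BitDefender's code; the function names, the directory parameters and the sample autorun.inf contents are constructed for illustration.

```python
import os
import tempfile

# File names come from the description above; paths are relative to the system folder.
DROPPED = ["netmon.exe", os.path.join("drivers", "sysdrv32.sys")]
LAUNCH_KEYS = ("open", "shellexecute")  # autorun.inf keys that start a program

def autorun_targets(text):
    """Return the commands an autorun.inf would launch (names are case-insensitive)."""
    targets, section = [], ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        key, sep, value = line.partition("=")
        key = key.strip().lower()
        launches = key in LAUNCH_KEYS or (key.startswith("shell\\") and key.endswith("\\command"))
        if section == "autorun" and sep and launches:
            targets.append(value.strip())
    return targets

def triage(system_dir, drive_roots):
    """List dropped files found under system_dir and autorun launch entries per drive root."""
    findings = [("dropped-file", rel) for rel in DROPPED
                if os.path.isfile(os.path.join(system_dir, rel))]
    for root in drive_roots:
        inf = os.path.join(root, "autorun.inf")
        if os.path.isfile(inf):
            with open(inf, "r", errors="replace") as fh:
                findings += [("autorun", cmd) for cmd in autorun_targets(fh.read())]
    return findings

def demo():
    """Constructed sample: an empty stand-in system folder and removable drive."""
    with tempfile.TemporaryDirectory() as tmp:
        sysdir, usb = os.path.join(tmp, "system32"), os.path.join(tmp, "usb")
        os.makedirs(os.path.join(sysdir, "drivers"))
        os.makedirs(usb)
        open(os.path.join(sysdir, "netmon.exe"), "wb").close()
        with open(os.path.join(usb, "autorun.inf"), "w") as fh:
            fh.write("[AutoRun]\n; constructed sample\nOpen=sample.exe\nicon=x.ico\n")
        return triage(sysdir, [usb])

if __name__ == "__main__":
    for kind, detail in demo():
        print(kind, detail)
```

The page does not name the file that autorun.inf launches, so every launch entry is reported for manual review rather than matched against a fixed name.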


Removal instructions:

Please let BitDefender disinfect your files.

ANALYZED BY:

Marius Barat, virus researcher