- Presence of the registry key: HKLM\SYSTEM\ControlSet001\Services\SSHNAS\Parameters: ServiceDll -> C:\Windows\system32\sshnas21.dll
- Presence of infected files with random names under C:\Windows folder
- Presence of job files under C:\Windows\tasks folder, registering malware execution as scheduled tasks on the infected computer
Please let BitDefender disinfect your files.
Roxana Gherle, virus researcher
Trojan.Renos.PHM is a trojan downloader belonging to the Renos family. It attempts to download other trojans.
Upon execution it will try to connect to various remote addresses for downloading and executing other malware components.
It attempts to post data to addresses belonging to the following domains:
blueriverarts.com, redskeltonarts.com, greenbeearts.com
From the aforementioned URLs, the trojan obtains links to three other malware components, which it then downloads and executes. The downloaded components are detected by BitDefender under the name Trojan.Renos.PHH; they are dangerous trojans that download and install additional malware, spyware and badware.
Other dangerous sites to which the malware components try to connect:
cuert.com, msdip.com, resellerrati.com, allshome.com, thedupage.com
The trojan removes its traces by creating a batch file, jtp..bat, under %TEMPDIRECTORY%; the batch file deletes both the trojan and itself.
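
As an added example (not part of the original BitDefender description), the Python below checks web-proxy log lines against the domains listed above, matching exact hosts and their subdomains only, and separates POST requests to the first group from other contacts. The three-field log format, the client addresses and the URL paths are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Domains the description says the trojan posts data to.
POST_DOMAINS = {"blueriverarts.com", "redskeltonarts.com", "greenbeearts.com"}
# Domains the downloaded components try to connect to.
COMPONENT_DOMAINS = {"cuert.com", "msdip.com", "resellerrati.com",
                     "allshome.com", "thedupage.com"}

def match_domain(host, domains):
    """Return the listed domain that host equals or is a subdomain of, else None."""
    host = host.lower().rstrip(".")          # normalise case and a trailing root dot
    for d in domains:
        if host == d or host.endswith("." + d):
            return d
    return None

def classify(line):
    """Parse '<client> <METHOD> <url>' (assumed log format); return a finding or None."""
    parts = line.split()
    if len(parts) != 3:
        return None                          # malformed line: ignore, do not guess
    client, method, url = parts
    if "://" not in url:                     # CONNECT entries carry host:port only
        url = "//" + url
    host = urlsplit(url).hostname or ""
    hit = match_domain(host, POST_DOMAINS)
    if hit and method.upper() == "POST":
        return (client, hit, "post-to-listed-domain")
    hit = hit or match_domain(host, COMPONENT_DOMAINS)
    return (client, hit, "contact-listed-domain") if hit else None

def scan(lines):
    """Return findings for every log line that touches a listed domain."""
    return [f for f in map(classify, lines) if f]

# Constructed sample log lines (not real traffic).
SAMPLE_LOG = [
    "10.0.0.5 POST http://blueriverarts.com/data",
    "10.0.0.5 GET http://files.cuert.com/a.bin",
    "10.0.0.7 GET http://notcuert.com/index.html",   # look-alike, must not match
    "10.0.0.8 CONNECT msdip.com:443",
    "10.0.0.9 GET http://example.org/",
    "10.0.0.6 GET http://GreenBeeArts.com./",
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

A client that shows a POST finding followed by contacts to the second group matches the download sequence the description gives and is the one to triage first.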