Troj/Multidr-FG / aka Trojan-Dropper.Win32.Agent.yf / aka Win32/TrojanDropper.Agent.VX
http://www.sophos.com/virusinfo/analyses/trojmultidrfg.html
We've had worms and trojans attempting to steal financial information, and we've had them dropping adult-related material on people's machines. Now we have a new breed of trojan that goes one step further. Troj/Multidr-FG will drop child-related porn on a victim's machine. Needless to say, this could have serious consequences for the user if the media file is not removed. If the media content was found by some unsuspecting engineer, for example, and they decided to inform the authorities, the user might find themselves in hot water.
When Troj/Multidr-FG is installed the following files are created and opened:
%Temp%\childporn.wmv
%System%\loadadv713.exe
%System%\msits.exe
%System%\win32.exe
It also drops 3 other trojans so keep your eye out for the combination in scan results.
Troj/Harnig-J attempts to download files to the following locations:
%Windows%\country.exe
%Windows%\hosts
%Windows%\kl1.exe
%Windows%\secure32.html
%System%\paytime.exe
%Windows%\tool1.exe
%Windows%\tool2.exe
%Windows%\tool3.exe
%Windows%\tool4.exe
%Windows%\tool5.exe
%Windows%\toolbar.exe
%Windows%\uniq
Troj/Vixup-BM
Disables the Task Manager!!
O4 - HKLM\..\Run: [System] C:\windows\system32\kernels64.exe <--HijackThis entry
%Temp%\1.qtdfmp
%Temp%\2.qtdfmp
%Temp%\3.qtdfmp
%Temp%\4.qtdfmp
%Temp%\5.qtdfmp
%Temp%\6.qtdfmp
%Temp%\7.qtdfmp
%System%\vx.tll
%System%\vxh8jkdq1.exe
%System%\vxh8jkdq2.exe
%System%\vxh8jkdq5.exe
%System%\vxh8jkdq6.exe
%System%\vxh8jkdq7.exe
Troj/Bizves-D
When first run Troj/Bizves-D copies itself to %System%\cmd32.exe and stores downloaded files with the following filenames:
asfds
cdegfr
fdsf
sdfdsf
sdfff
wdcevf
wdcsadsad
zxczxc
%System%\z11.exe
%System%\z12.exe
%System%\z13.exe
%System%\z14.exe
%System%\z15.exe
%System%\z16.exe
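
Added example, not part of the original post or the Sophos analysis: a Python check that matches a file listing against a subset of the dropped-file names above (plus the kernels64.exe path from the HijackThis line) and reports whether all four families left files, which is the combination the post says to watch for. The directory mapping for %System%, %Windows% and %Temp%, the sample listing and the function names are assumptions.

```python
from fnmatch import fnmatchcase

# Placeholder -> directory glob. Assumption: default Windows XP-era layout.
ROOTS = {
    "%system%": r"c:\windows\system32",
    "%windows%": r"c:\windows",
    "%temp%": r"c:\documents and settings\*\local settings\temp",
}

# Subset of the post's file indicators; [..] classes cover only names it lists.
INDICATORS = {
    "Troj/Multidr-FG": [r"%System%\loadadv713.exe", r"%System%\msits.exe",
                        r"%System%\win32.exe"],
    # The genuine hosts file is %System%\drivers\etc\hosts, not %Windows%\hosts.
    "Troj/Harnig-J": [r"%Windows%\hosts", r"%Windows%\kl1.exe",
                      r"%System%\paytime.exe", r"%Windows%\tool[1-5].exe"],
    "Troj/Vixup-BM": [r"%System%\kernels64.exe", r"%System%\vxh8jkdq[12567].exe",
                      r"%Temp%\[1-7].qtdfmp"],
    "Troj/Bizves-D": [r"%System%\cmd32.exe", r"%System%\z1[1-6].exe"],
}

# Constructed sample listing (not from a real machine).
SAMPLE_LISTING = [
    r"C:\WINDOWS\system32\msits.exe",
    r"C:\WINDOWS\tool3.exe",
    r"C:\WINDOWS\system32\drivers\etc\hosts",   # legitimate location
    r"C:\Documents and Settings\alice\Local Settings\Temp\4.qtdfmp",
    r"C:\WINDOWS\system32\z14.exe",
    r"C:\WINDOWS\system32\cmd.exe",             # legitimate, not cmd32.exe
]

def to_glob(indicator):
    """Swap the leading placeholder for its directory glob, lower-cased."""
    head, _, tail = indicator.lower().partition("\\")
    return ROOTS[head] + "\\" + tail

def classify(paths):
    """Map each family to the listing entries matching its indicators."""
    hits = {family: [] for family in INDICATORS}
    for path in paths:
        norm = path.strip().lower().replace("/", "\\")
        for family, patterns in INDICATORS.items():
            if any(fnmatchcase(norm, to_glob(p)) for p in patterns):
                hits[family].append(path.strip())
    return hits

def dropper_combination(hits):
    """True when the dropper and all three trojans it drops left files."""
    return all(hits[family] for family in INDICATORS)
```

Feed `classify` the output of a recursive directory listing taken from the suspect disk; matching is case-insensitive and only exact locations count, so the real hosts file and cmd.exe are not flagged.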










