Help
http://www.sophos.com/virusinfo/analyses/trojmultidrfg.html
We've had worms and trojans attempting to steal financial information, we've had them dropping adult related material on people's machines. Now we have a new breed of trojan that goes one step further. Troj/Multidr-FG will drop child related porn on a victim's machine. Needless to say this could have serious consequences for the user if the media file is not removed. If the media content was found by some unsuspecting engineer for example and they decided to inform the authorities, the user might find themselves in hot water.
When Troj/Multidr-FG is installed the following files are created and opened:
%Temp%\childporn.wmv
%System%\loadadv713.exe
%System%\msits.exe
%System%\win32.exe
It also drops 3 other trojans so keep your eye out for the combination in scan results.
Troj/Harnig-J attempts to download files to the following locations:
%Windows%\country.exe
%Windows%\hosts
%Windows%\kl1.exe
%Windows%\secure32.html
%System%\paytime.exe
%Windows%\tool1.exe
%Windows%\tool2.exe
%Windows%\tool3.exe
%Windows%\tool4.exe
%Windows%\tool5.exe
%Windows%\toolbar.exe
%Windows%\uniq
Troj/Vixup-BM
Disables the Task Manager !!
O4 - HKLM\..\Run: [System] C:\windows\system32\kernels64.exe <--HijackThis entry
%Temp%\1.qtdfmp
%Temp%\2.qtdfmp
%Temp%\3.qtdfmp
%Temp%\4.qtdfmp
%Temp%\5.qtdfmp
%Temp%\6.qtdfmp
%Temp%\7.qtdfmp
%System%\vx.tll
%System%\vxh8jkdq1.exe
%System%\vxh8jkdq2.exe
%System%\vxh8jkdq5.exe
%System%\vxh8jkdq6.exe
%System%\vxh8jkdq7.exe
Troj/Bizves-D
When first run Troj/Bizves-D copies itself to %System%\cmd32.exe and stores downloaded files with the following filenames:
asfds
cdegfr
fdsf
sdfdsf
sdfff
wdcevf
wdcsadsad
zxczxc
%System%\z11.exe
%System%\z12.exe
%System%\z13.exe
%System%\z14.exe
%System%\z15.exe
%System%\z16.exe
Back to top
