Injector.AUQZ is a Trojan. A Trojan is a program that pretends to have a valid use, but in fact modifies the user's computer in malicious ways. Trojans do not replicate or spread to other computers.

Process Related Changes

It creates the following mutex(es):
- "IESQMMUTEX_0_208"
- "DBWinMutex"

It creates the following process(es):
- C:\Windows\system32\taskkill.exe [ taskkill /F /IM explorer.exe ]
- c:\Program Files\Internet Explorer\iexplore.exe [ \c:\Program Files\Internet Explorer\iexplore.exe ]

Network Activity

We observed the following DNS query/queries:
- networksecurityx.hopto.org

Registry Related Changes

It makes the following registry modifications to ensure infection after system reboot:
- HKCU\software\microsoft\windowsnt\currentversion\winlogon\shell = C:\windows\temp\7585747335a250822502b245379fc3bb.exe
- HKCU\Software\Microsoft\Windows\CurrentVersion\Run\explorer = C:\windows\temp\7585747335a250822502b245379fc3bb.exe
- HKCU\software\microsoft\windowsnt\currentversion\winlogon\uihost = C:\windows\temp\7585747335a250822502b245379fc3bb.exe