Pakes.ADDS is a Trojan. A Trojan is a program that pretends to have a valid use, but in fact modifies the user's computer in malicious ways. Trojans do not replicate or spread to other computers.

Process Related Changes

It creates the following process(es):
- C:\Windows\explorer.exe
- C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
- C:\Windows\System32\schtasks.exe

It injects malicious code into the following process(es):
- "C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe"
- "C:\Windows\system32\SearchProtocolHost.exe"

Network Activity

We observed the following DNS query/queries:
- khalidandrozay.ru
- microsoft.com

It attempts to connect to the following remote servers:
- khalidandrozay.ru:80 (93.174xxxxxx)
- microsoft.com:80 (64.4.xxxxxx)

Registry Related Changes

It makes the following registry modifications to ensure infection after system reboot:
- HKCU\Software\Microsoft\Windows\CurrentVersion\Run\dkfnvkunv99450495i49 = C:\ProgramData\dkfnvkunv99450495i49\hemxccape.exe