Injector.PI is a Trojan. A Trojan is a program that pretends to have a valid use, but in fact modifies the user's computer in a malicious way. Trojans do not replicate or spread to other computers. Injector.PI is compressed using the Embedded_R#DATAINFO executable packer and its file size is 79,676 bytes.

Injector.PI drops the following files on the hard drive:
- C:\Program Files\Common Files\Microsoft Shared\MSINFO\system.2dt (79676 bytes)
- C:\Program Files\Common Files\Microsoft Shared\MSINFO\NewInfo.rxk (25916 bytes)

It also changes the Windows registry:
- Creates key "HKCR\CLSID\{A6011F8F-A7F8-49AA-9ADA-49127D43138F}".
- Creates value ""="" in key "HKCR\CLSID\{A6011F8F-A7F8-49AA-9ADA-49127D43138F}".
- Creates key "HKCR\CLSID\{A6011F8F-A7F8-49AA-9ADA-49127D43138F}\InProcServer32".
- Creates value ""="C:\Program Files\Common Files\Microsoft Shared\MSINFO\NewInfo.rxk" in key "HKCR\CLSID\{A6011F8F-A7F8-49AA-9ADA-49127D43138F}\InProcServer32".
- Creates value "ThreadingModel"="Apartment" in key "HKCR\CLSID\{A6011F8F-A7F8-49AA-9ADA-49127D43138F}\InProcServer32".
- Creates value "{A6011F8F-A7F8-49AA-9ADA-49127D43138F}"="" in key "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks".