Injector.RDO is a Trojan. A Trojan is a program that pretends to have a valid use, but in fact modifies the user's computer in a malicious way. Trojans do not replicate or spread to other computers.

Process Related Changes

It creates the following mutex(es):

- "sexynewmutex"
- "sexynewmutex-readfile"

Network Activity

We observed the following DNS query/queries:

Registry Related Changes

It makes the following registry modifications to ensure infection after system reboot:

- HKCU\Software\Microsoft\Windows\CurrentVersion\Run\svmhost.exe =
- HKLM\Software\Microsoft\Windows\CurrentVersion\Run\svmhost.exe =
- HKCU\Software\Microsoft\Windows\CurrentVersion\Run\159a8ac3ba11f5a516859a4836064a34 = C:\windows\temp\159a8ac3ba11f5a516859a4836064a34.exe