Small.SY is a Trojan. A Trojan is a program that pretends to have a valid use, but in fact modifies the user's computer in a malicious way. Trojans do not replicate or spread to other computers. Small.SY is compressed using an executable packer and its file size is 21,504 bytes.

Small.SY drops the following files on the hard drive:
- C:\WINDOWS\system32\autochk.dll (21504 bytes)
- C:\DOCUME~1\Administrator\protect.dll (21504 bytes)
- C:\DOCUME~1\ADMINI~1\Recent\ChkDisk.dll (21504 bytes)

It also changes the Windows registry:
- Creates value "autochk"="rundll32.exe C:\WINDOWS\system32\autochk.dll,_IWMPEvents@16" in key "HKLM\Software\Microsoft\Windows\CurrentVersion\Run".
- Creates value "autochk"="rundll32.exe C:\DOCUME~1\Administrator\protect.dll,_IWMPEvents@16" in key "HKCU\Software\Microsoft\Windows\CurrentVersion\Run".

Small.SY makes the following additional changes to the infected computer:
- Creates a Windows hook that monitors message activity.

It also contains anti-debugging code and is executed every time Windows starts.