Suspicious#bredolab.dc_6 is a Trojan. A Trojan is a program that pretends to have a valid use, but in fact modifies the user's computer in malicious way. Trojans do not replicate or spread to other computers.
Process Related Changes
It creates the following mutex(es):
It creates the following process(es): - C:\Windows\system32\svchost.exe [ svchost.exe ]
Network Activity
We observed the following DNS query/queries:
Registry Related Changes
It makes the following registry modifications to ensure infection after system reboot: - HKLM\software\microsoft\windowsnt\currentversion\winlogon\shell = explorer.exerundll32.exethxr.wgonwfdtx
|
