Trojan@W32.Small.18
Small.18 adds values to the registry that prevent some applications from being executed. The Trojan can also copy itself to the "recycle.{645FF040-...}" folder on a USB storage device.
Aliases : Trojan-Dropper.Win32.Small.dxo[Kaspersky]
Type : Trojan
Date Discovered : 2009/10/22
System Affected : Windows 95/98/ME, Windows NT/2000/XP/2003/Vista
 Risk Assessment
Distribution : High
Damage : High
 Character

None

  Description

  ●Adds values to the registry that prevent some applications from being executed.

  ●Modifies a special file so that users cannot connect to the Internet.

  ●Copies itself to the "recycle.{645FF040-...}" folder on a USB storage device.

  ●After the virus is executed, it creates the following files in the C:\WINDOWS\Prefetch\ folder:
   0.EXE-01310DC9.pf
   DNFTT2484.EXE-05A87730.pf
   IEXPLORE.EXE-27122324.pf
   TASKMGR.EXE-20256C55.pf
   TROJAN@W32.SMALL.18.EXE-24548328.pf


  ●After the virus is executed, it deletes the following files:
   C:\WINDOWS\system32\verclsid.exe

  ●After the virus is executed, it modifies the following files:
   C:\WINDOWS\Prefetch\CMD.EXE-087B4001.pf
   C:\WINDOWS\Prefetch\CONIME.EXE-13EEEA1A.pf
   C:\WINDOWS\system32\appmgmts.dll
   C:\WINDOWS\system32\comres.dll
   C:\WINDOWS\system32\config\default
   C:\WINDOWS\system32\config\default.LOG
   C:\WINDOWS\system32\config\software
   C:\WINDOWS\system32\config\software.LOG
   C:\WINDOWS\system32\config\system.LOG
   C:\WINDOWS\system32\drivers\etc\hosts
   C:\WINDOWS\system32\qmgr.dll
   C:\WINDOWS\system32\wbem\Logs\wbemess.log


  ●After the virus is executed, it creates the following files in the C:\WINDOWS\Tasks\ folder:
   JJX5r8wnsqUnNxGwpwn.inf
   kZdWDEpQcNC2NwDe.ico


  ●After the virus is executed, it creates the following files in the C:\WINDOWS\Temp\ folder:
   RXCQTT2282.exe
   tlTT188.exe


  ●Adds the following values to the registry, which prevent some applications from being executed:
   HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\avgnt.exe\Debugger: 6E 74 73 64 20 2D 64
   HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\avguard.exe\Debugger: 6E 74 73 64 20 2D 64
   HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\avmailc.exe\Debugger: 6E 74 73 64 20 2D 64
   HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\avp.exe\Debugger: 6E 74 73 64 20 2D 64
   HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\avwebgrd.exe\Debugger: 6E 74 73 64 20 2D 64
   HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\
   Image File Execution Options\bdagent.exe\Debugger: 6E 74 73 64 20 2D 64
   ......

 Solution

None