Spyware Backdoor.Win32.Haxdoor.hw
Default path: %system32%\qo.sys
This virus adds the following startup entries to the registry:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\yvpp01\
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\yvpp02\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\yvpp01\DllName
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\svcshare Value:"%WINDOWS%\system32\drivers\spoclsv.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\System Value:"%Program Files%\Common Files\System\Updaterun.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\alsmt.exe Value:"%WINdir\system32\alsmt.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D3341007-C77C-4F1C-B2A5-D94D5BE55F7E}\InprocServer32\@ Value:"C:\WINDOWS\system32\ybzwkdjnrfvijev.dll"
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D3341007-C77C-4F1C-B2A5-D94D5BE55F7E}\InprocServer32\ThreadingModel Value:"Apartment"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D3341007-C77C-4F1C-B2A5-D94D5BE55F7E}\