TROJAN.JORIK.SHAKBLADES.UW
Name:
Trojan.Jorik.Shakblades.uw
Added:
July 27, 2011
Type:
Trojan
Risk:
Low
Payload:
N/A
At risk systems:
Windows 95/98/ME/XP/NT/2003
Description:
When Trojan.Jorik.Shakblades.uw is executed, it performs the following activities:After execution, it drops the following files:%Appdata%\data.dat%Appdata%\zanscasaos.exe%Appdata%\zdsafnafo\ztzasuiasfkasfn.exeIt creates/modifies the following registry entries:%Appdata%\zanscasaos.exe = "%Appdata%\zanscasaos.exe:*:Enabled:Windows Messanger"HKLM\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List%Appdata%\zanscasaos.exe = "%Appdata%\zanscasaos.exe:*:Enabled:Windows Messanger"HKLM\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List%Appdata%\zdsafnafo\ztzasuiasfkasfn.exe = "%Appdata%\zdsafnafo\ztzasuiasfkasfn.exe:*:Enabled:Windows Messanger"HKLM\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List%Appdata%\zanscasaos.exe = "%Appdata%\zanscasaos.exe:*:Enabled:Windows Messanger"HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List%Appdata%\zdsafnafo\ztzasuiasfkasfn.exe = "%Appdata%\zdsafnafo\ztzasuiasfkasfn.exe:*:Enabled:Windows Messanger"HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\Listzasdoafnasf = "%Appdata%\zdsafnafo\ztzasuiasfkasfn.exe"HKU\Software\Microsoft\Windows\CurrentVersion\Runztzasuiasfkasfn.exe runs every time Windows starts
Malware problems?We can help.
Evaluate Thirtyseven4 Antivirus Now
“Delight yourself in the Lord and he will give you the desires of your heart.” Psalm 37:4
