Thirtyseven4 Antivirus | AntiMalware | AntiRootkit | AntiSpyware
Thirtyseven4 Antivirus | AntiMalware | AntiRootkit | AntiSpyware
Thirtyseven4 Antivirus | AntiMalware | AntiRootkit | AntiSpyware

TROJAN.MERED.ROP

 

 

Name:

Trojan.Mered.rop

Added:

December 18, 2011

Type:

Trojan

Risk:

Low

Payload:

N/A

At risk systems:

Windows 95/98/ME/XP/NT/2003

 

 

Malware problems?   We can help.  Free Removal Tools.

 

 

Description:

 

When Trojan.Mered.rop is executed, it performs the following activities:

After execution, it drops the following files:

%System%\{Random Name}.exe
%Temp%\{Random Name}.exe
%Temp%\{Random Name}.bat
%Appdata%\{Random Name}.exe
%Appdata%\{Random Name}.bat
%Appdata%\{Random Name}.log

It creates/modifies the following registry entries:

{Random Name} = ""%Appdata%a\{Random Name}.exe""
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

path = "%Temp%{Random Name}.exe"
HKLM\Software\{Random Name}

It also creates the following services for malicious activity:

Firefox updater
Chrome updater
MouseDriver
WindowsRemote
MouseDriverinstability

It tries to establish connections with the IP addresses below:

174.[XXX].2[XXX]5.5
60.[XXX].2[XXX].60
58.[XXX].1[XXX].250
 

 

 

 

 

 

 

 
Thirtyseven4 Antivirus | AntiMalware | AntiRootkit | AntiSpyware
Thirtyseven4 Antivirus | AntiMalware | AntiRootkit | AntiSpyware
Thirtyseven4 - Industry Leading Endpoint Security Solution

“Delight yourself in the Lord and he will give you the desires of your heart.” Psalm 37:4