Thirtyseven4 Antivirus | AntiMalware | AntiRootkit | AntiSpyware
Thirtyseven4 Antivirus | AntiMalware | AntiRootkit | AntiSpyware
Thirtyseven4 Antivirus | AntiMalware | AntiRootkit | AntiSpyware

TROJAN.TOTEM.B

 

 

Name:

Trojan.Totem.b

Descr. Added:

September 3, 2012

Type:

Trojan

Risk:

Low

Payload:

N/A

At risk systems:

Windows 95/98/ME/XP/NT/2003

 

 

Malware problems?   We can help.  Free Removal Tools.

 

 

Description:

 

When Trojan.Totem.b is executed, it performs the following activities:

It drops the following files on the system:

%Windir%\keys.ini
%System32\Drivers%\15.exe
%System32\Drivers%\515.exe
%System32\Drivers%\svajnager.exe
%system%\IwfupxiLbohj.dll

It creates/modifies the following registry entries:

ImagePath: "%System32\Drivers%\svajnager.exe"
HKLM\System\CurrentControlSet\Services\svajnag

SecurityProviders = IwfupxiLbohj.dll"
HKLM\System\ControlSet001\Control\SecurityProviders

The registry is modified to run the DLL component of the Trojan up a Windows start.

After execution, it connects to the following domains and downloads the files:

http://proton-XXX-ru.XXX.ru/system.exe
http://kXXXxe.com/tvkejl.exe

 

 

 

 

 

 

 
Thirtyseven4 Antivirus | AntiMalware | AntiRootkit | AntiSpyware
Thirtyseven4 Antivirus | AntiMalware | AntiRootkit | AntiSpyware
Thirtyseven4 - Industry Leading Endpoint Security Solution

“Delight yourself in the Lord and he will give you the desires of your heart.” Psalm 37:4