TROJANDOWNLOADER.NEKOTIMED.A
Name:
TrojanDownloader.Nekotimed.a
Added:
December 6, 2011
Type:
Trojan
Risk:
Low
Payload:
N/A
At risk systems:
Windows 95/98/ME/XP/NT/2003
Description:
When TrojanDownloader.Nekotimed.a is executed, it performs the following activities:

After execution, it drops the following files:

%Windir%\system32\-36104-12655
%Temp%\fvq1.tmp
%Temp%\h8nil4o8\z.lz
%Temp%\h8nil4o8\_uninstall
%Temp%\h8nil4o8\b.dll
%Temp%\h8nil4o8\mtv.exe
%Temp%\h8nil4o8\p.dll
%Temp%\h8nil4o8\s.exe
%Windir%\system32\33be.dll
%Windir%\system32\136o.dll
%Windir%\system32\33bd.exe
%Windir%\system32\-20104-12655
%Windir%\system32\00b
%Windir%\Tasks\ms.job
%Windir%\6d6u.bmp
%Windir%\6d6d.exe
%Windir%\6d6d.flv
%AllusersProfile%\Application Data\t\r1420.dat
%AllusersProfile%\Application Data\t\b1420.dat
%AllusersProfile%\Application Data\t\a1420.dat
%AllusersProfile%\Application Data\t\p1420.dat
%AllusersProfile%\Start Menu\Programs\Startup\star.lnk
%AllusersProfile%\Start Menu\Programs\Startup\ktv.lnk

It creates/modifies the following registry entries:

HKLM\SOFTWARE\Classes\CLSID\{FCAA0766-15FC-4aec-A010-F4605D272581}
    InprocServer32\ = "%Windir%\system32\136o.dll"
HKLM\SOFTWARE\Classes\TypeLib\{8A4F328C-C9F4-4449-A0DF-A756A6B52ABF}\1.0\0
    win32\ = "%Windir%\system32\136o.dll"
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    plc = "%Windir%\system32\rundll32.exe %Windir%\system32/33be.dll,Always"
HKLM\SYSTEM\ControlSet001\Services\Eventlog\Application\OSTD
    EventMessageFile = "%Windir%\system32\33bd.exe"
HKLM\SYSTEM\ControlSet001\Services\OSTD
    ImagePath = "%Windir%\system32\33bd.exe"
HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\OSTD
    EventMessageFile = "%Windir%\system32\33bd.exe"
HKLM\SYSTEM\CurrentControlSet\Services\OSTD
    ImagePath = "%Windir%\system32\33bd.exe"