Thirtyseven4 Antivirus | AntiMalware | AntiRootkit | AntiSpyware
Thirtyseven4 Antivirus | AntiMalware | AntiRootkit | AntiSpyware
Thirtyseven4 Antivirus | AntiMalware | AntiRootkit | AntiSpyware

TROJANDOWNLOADER.STEGVOB.A

 

 

 

Name:

TrojanDownloader.Stegvob.a

Added:

September 28, 2011

Type:

Trojan

Risk:

Low

Payload:

N/A

At risk systems:

Windows 95/98/ME/XP/NT/2003

 

 

Description:

 

When TrojanDownloader.Stegvob.a is executed, it performs the following activities:

After execution, it drops the following files:

%Appdata%\{Random name folder}\svcnost.exe
%Appdata%\{Random number}.exe
%Appdata%\{Random number}.exe
%Appdata%\{Random number}.exe

It creates/modifies the following registry entries:

List\%Appdata%\{Random Name Folder}\svcnost.exe =
"%Appdata%\{Random Name Folder}\svcnost.exe:*:Enabled:ldrsoft"
HKLM\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\
FirewallPolicy\StandardProfile\AuthorizedApplications

List\%Appdata%\{Random Name Folder}\svcnost.exe =
"%Appdata%\{Random Name Folder}\svcnost.exe:*:Enabled:ldrsoft"
HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\
FirewallPolicy\StandardProfile\AuthorizedApplications

mssend =""%Appdata%\{Random name folder}\svcnost.exe""
HKU\Software\Microsoft\Windows\CurrentVersion\Run

"svcnost.exe" Runs every time windows start.



 

 

 

 

 

 

 

 
Thirtyseven4 Antivirus | AntiMalware | AntiRootkit | AntiSpyware

Malware problems?
We can help.

Thirtyseven4 Antivirus | AntiMalware | AntiRootkit | AntiSpyware

Evaluate Thirtyseven4 Antivirus Now

Thirtyseven4 Antivirus | AntiMalware | AntiRootkit | AntiSpyware
Thirtyseven4 - Industry Leading Endpoint Security Solution

“Delight yourself in the Lord and he will give you the desires of your heart.” Psalm 37:4