Thirtyseven4 Antivirus | AntiMalware | AntiRootkit | AntiSpyware
Thirtyseven4 Antivirus | AntiMalware | AntiRootkit | AntiSpyware
Thirtyseven4 Antivirus | AntiMalware | AntiRootkit | AntiSpyware

TROJANDROPPER.INJECTOR.ANR

 

 

Name:

TrojanDropper.Injector.anr

Added:

January 11, 2012

Type:

Trojan

Risk:

Low

Payload:

N/A

At risk systems:

Windows 95/98/ME/XP/NT/2003

 

 

Malware problems?   We can help.  Free Removal Tools.

 

 

Description:

 

When TrojanDropper.Injector.anr is executed, it performs the following activities:

It renames the folowing Windows file to a random name:

%Windir%\system32\userinit.exe

It deletes the following file:

%Windir%\system32\taskmgr.exe

It drops its own files as:

%Windir%\system32\taskmgr.exe
%Windir%\system32\userinit.exe
%Windir%\system32\dllcache\taskmgr.exe
%Windir%\system32\dllcache\userinit.exe
%AppData%\22CC6C32.exe

It modifies the registry entry below so that can gets loaded instead of explorer at every Windows startup:

Shell = "%AppData%\22CC6C32.exe"
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
 

 

 

 

 

 

 

 
Thirtyseven4 Antivirus | AntiMalware | AntiRootkit | AntiSpyware
Thirtyseven4 Antivirus | AntiMalware | AntiRootkit | AntiSpyware
Thirtyseven4 - Industry Leading Endpoint Security Solution

“Delight yourself in the Lord and he will give you the desires of your heart.” Psalm 37:4