Thirtyseven4 Antivirus | AntiMalware | AntiRootkit | AntiSpyware
Thirtyseven4 Antivirus | AntiMalware | AntiRootkit | AntiSpyware
Thirtyseven4 Antivirus | AntiMalware | AntiRootkit | AntiSpyware

TROJANDROPPER.SIREFEF.B

 

 

 

Name:

TrojanDropper.Sirefef.b

Added:

September 18, 2011

Type:

Trojan

Risk:

Low

Payload:

N/A

At risk systems:

Windows 95/98/ME/XP/NT/2003

 

 

Description:

 

When TrojanDropper.Sirefef.b is executed, it performs the following activities:

After execution it drops the following files:

%Windir%\<RandamNumbers:RandamNumbers.exe>

It creates/modifies the following registry entries:

HKLM\System\CurrentControlSet\Services\f6dcfecc
ImagePath = "%Windir%\<RandamNumbers:RandamNumbers.exe>"


This infection has Rootkit functionality keeping "%Windir%\<RandamNumbers:RandamNumbers.exe>" hidden and hooking various user mode functions.

The Trojan also performs backdoor activity by contacting a Command and Control server on port 22292 or 80. The IP address of the server may be one of the following:

188.XXX.151.XXX
XXX.105.XXX.219
201.XXX.119.XXX
XXX.105.154.XXX
 

 

 

 

 

 

 

 
Thirtyseven4 Antivirus | AntiMalware | AntiRootkit | AntiSpyware

Malware problems?
We can help.

Thirtyseven4 Antivirus | AntiMalware | AntiRootkit | AntiSpyware

Evaluate Thirtyseven4 Antivirus Now

Thirtyseven4 Antivirus | AntiMalware | AntiRootkit | AntiSpyware
Thirtyseven4 - Industry Leading Endpoint Security Solution

“Delight yourself in the Lord and he will give you the desires of your heart.” Psalm 37:4