Thirtyseven4 Antivirus | AntiMalware | AntiRootkit | AntiSpyware
Thirtyseven4 Antivirus | AntiMalware | AntiRootkit | AntiSpyware
Thirtyseven4 Antivirus | AntiMalware | AntiRootkit | AntiSpyware

TROJANSPY.SPYEYES.JLN

 

 

 

Name:

TrojanSpy.SpyEyes.jln

Added:

September 7, 2011

Type:

Trojan

Risk:

Low

Payload:

N/A

At risk systems:

Windows 95/98/ME/XP/NT/2003

 

 

Description:

 

When TrojanSpy.SpyEyes.jln is executed, it performs the following activities:

After execution, it drops the folowing files:

%Windir%\Temp\1GG1.tmp
%Windir%\Temp\1GG1.exe
%SystemRoot%\wins.Bin\{Random Alpha numeric}.exe
%SystemRoot%\wins.Bin\{Random Alpha numeric}

It creates/modifies the folowing registry entries:

{Random Alpha numeric} = "%SystemRoot%\wins.Bin\{Random Alpha numeric}.exe"
HKU\Software\Microsoft\Windows\CurrentVersion\Run

{Random Alpha numeric} = "%SystemRoot%\wins.Bin\{Random Alpha numeric}.exe"
HKU\.Default\Software\Microsoft\Windows\CurrentVersion\Run

This infection has Rootkit functionality keeping "%SystemRoot%\wins.Bin" folder hidden and hooks varioys user mode functions.

 

 

 

 

 

 

 
Thirtyseven4 Antivirus | AntiMalware | AntiRootkit | AntiSpyware

Malware problems?
We can help.

Thirtyseven4 Antivirus | AntiMalware | AntiRootkit | AntiSpyware

Evaluate Thirtyseven4 Antivirus Now

Thirtyseven4 Antivirus | AntiMalware | AntiRootkit | AntiSpyware
Thirtyseven4 - Industry Leading Endpoint Security Solution

“Delight yourself in the Lord and he will give you the desires of your heart.” Psalm 37:4