Detect Date | 05/17/2007 |
Class | Worm |
Platform | Win32 |
Description |
This Trojan has a malicious payload. It is a Windows PE EXE file. It is 945664 bytes in size. It is not packed in any way. It is written in Delphi.

Installation

When launched, the Trojan copies itself as shown below:

%Documents and Settings%\%user%\Start Menu\Programs\Startup\RavMonE.exe
%Documents and Settings%\%user%\Start Menu\Programs\Startup\avp.exe
%System%\RavMon.exe

The Trojan creates the following registry key with installation data:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\rm]

It also creates the following system registry key values:

[HKCR\Software\Microsoft\Internet Account]
"Expire Days" = "dword:8"

[HKCR\Control Panel\Desktop]
"AutoEndTasks" = "1"

In order to ensure that the Trojan is launched automatically each time the system is restarted, the Trojan registers its executable file in the system registry:

[HKLM\Software\Microsoft\Windows\CurrentVersion\Run]
"RavAV" = "%Documents and Settings%\%user%\Start Menu\Programs\Startup\RavMonE.exe"
"RavMon" = "%System%\RavMon.exe" |
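A triage sketch for the persistence indicators listed above, added here as an example and not part of the original description: it scans the text of a `reg export` dump for the two Run values and the installation key. The sample export, the user name in it and the function names are constructed for illustration.

```python
import re

# Indicators copied from the description above (compared case-insensitively).
RUN_KEY = r"hkey_local_machine\software\microsoft\windows\currentversion\run"
RM_KEY = r"hkey_current_user\software\microsoft\windows\currentversion\explorer\rm"
RUN_VALUES = {"ravav": "ravmone.exe", "ravmon": "ravmon.exe"}  # value name -> file name

KEY_RE = re.compile(r"^\[(.+)\]$")
STR_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')

def _unescape(s):
    # .reg files escape backslashes and quotes with a leading backslash.
    return re.sub(r"\\(.)", r"\1", s)

def parse_reg(text):
    """Yield (key, name, data) for string values and (key, None, None) per key."""
    key = None
    for line in text.splitlines():
        line = line.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            yield key, None, None
        m = STR_RE.match(line)
        if m and key:
            yield key, _unescape(m.group(1)), _unescape(m.group(2))

def find_hits(reg_text):
    """Return (kind, detail) tuples for entries matching the listed indicators."""
    hits = []
    for key, name, data in parse_reg(reg_text):
        k = key.lower()
        if name is None and k == RM_KEY:
            hits.append(("install-key", key))
        elif name is not None and k == RUN_KEY:
            # Compare only the file name: the directory part varies per machine.
            target = data.rsplit("\\", 1)[-1].lower()
            if RUN_VALUES.get(name.lower()) == target:
                hits.append(("run-value", name + " -> " + data))
    return hits

# Constructed sample export (real exports are UTF-16; decode before passing in).
SAMPLE = r'''Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RavMon"="C:\\WINDOWS\\system32\\RavMon.exe"
"RavAV"="C:\\Documents and Settings\\alice\\Start Menu\\Programs\\Startup\\RavMonE.exe"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\rm]
'''
```

A Run value is reported only when both its name and its target file name match, so an unrelated entry such as `ctfmon.exe` in the sample is ignored.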