Discussion in 'malware problems & news' started by Technodrome, Nov 5, 2002.

Thread Status:
Not open for further replies.
  1. Technodrome

    Technodrome Security Expert

    Feb 13, 2002
    New York
    Troj/Zasil-A creates and executes the file registry.exe in the Windows folder and then displays a pornographic JPG image.

    The file registry.exe creates the following registry entry, which starts registry.exe when Windows starts up:

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Registry Services

    Each time registry.exe is executed the Trojan will attempt to download a text file from the internet that contains links to scripts that access pages from lists of website addresses contained in the scripts. The Trojan may also access a spyware script that reports the IP address being used by the active Trojan.

    Troj/Zasil-A leaves multiple copies of the dropped executable and the JPG file in the Windows Temp folder.

    The JPG graphic is of a naked middle-aged blonde woman sitting on a table and advertises a pornographic website.
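
A read-only PowerShell triage check for the artefacts listed in the post above, added here as an example; it is not part of the original post or of any vendor tooling. It assumes that the "Windows Temp folder" means %windir%\Temp and that copies of the dropped executable are byte-identical to registry.exe, so they can be matched by SHA-256; the variable names are illustrative.

```powershell
# Added example: read-only triage for the Troj/Zasil-A artefacts named in the post.
$runKey    = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run'
$valueName = 'Registry Services'                  # value name from the post
$dropped   = Join-Path $env:windir 'registry.exe' # dropped file from the post
$tempDir   = Join-Path $env:windir 'Temp'         # assumption: %windir%\Temp
$provider  = 'PSPath','PSParentPath','PSChildName','PSDrive','PSProvider'
$findings  = @()

# 1. Run-key values: the named value, or any value that launches a registry.exe
$run = Get-ItemProperty -Path $runKey -ErrorAction SilentlyContinue
if ($run) {
    foreach ($p in $run.PSObject.Properties) {
        if ($p.Name -in $provider) { continue }   # skip provider metadata
        if ($p.Name -eq $valueName -or "$($p.Value)" -match '\\registry\.exe') {
            $findings += [pscustomobject]@{
                Indicator = 'Run value'; Detail = "$($p.Name) = $($p.Value)" }
        }
    }
}

# 2. The dropped executable in the Windows folder
if (Test-Path -LiteralPath $dropped -PathType Leaf) {
    $ref = Get-FileHash -LiteralPath $dropped -Algorithm SHA256
    $len = (Get-Item -LiteralPath $dropped -Force).Length
    $findings += [pscustomobject]@{
        Indicator = 'Dropped file'; Detail = "$dropped SHA256=$($ref.Hash)" }

    # 3. Copies in Temp: filter by size first (cheap), then confirm by hash
    $candidates = Get-ChildItem -LiteralPath $tempDir -File -Recurse -Force `
                      -ErrorAction SilentlyContinue |
                  Where-Object { $_.Length -eq $len }
    foreach ($f in $candidates) {
        $h = Get-FileHash -LiteralPath $f.FullName -Algorithm SHA256 `
                 -ErrorAction SilentlyContinue
        if ($h -and $h.Hash -eq $ref.Hash) {
            $findings += [pscustomobject]@{ Indicator = 'Temp copy'; Detail = $f.FullName }
        }
    }
}

if ($findings.Count) { $findings | Format-Table -AutoSize -Wrap }
else { 'No Troj/Zasil-A indicators from the post were found.' }
```

Run it from an elevated prompt so that %windir%\Temp is readable. A match on the file name alone is only a lead, since the post gives no hash for registry.exe.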
