Trojan.Fotomoto.F
First posted on 21 November 2011.
Source: BitDefender
Aliases:
Trojan.Fotomoto.F is also known as Trojan.Win32.Obfuscated.kp, Trojan.EzulaAd.
Explanation:
Trojan.Fotomoto.F is a trojan with adware functionality. When installed, this version performs the following actions:
a) It connects to an internet server and reports some basic information about the infected computer.
b) It modifies the following registry entry:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SFCDisable = 4
This stops Windows File Protection from notifying the user when system files are replaced and from logging the events.
c) It modifies the following registry entries:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DomainService
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DomainService, where it registers itself as a service.
d) It creates a process that runs as a service. The process creates an event so that, if the process is closed, it restarts itself, thus changing its process ID.
Last update 21 November 2011
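An added example, not part of the original BitDefender description: a Python check that scans the text of a registry export (.reg format, already decoded to text) for the registry changes listed in b) and c). The function names and the sample export are constructed for illustration.

```python
import re

# Registry indicators taken from items b) and c) of the description.
WINLOGON = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"
SERVICE_KEYS = (
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DomainService",
    r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DomainService",
)

def parse_reg(text):
    """Parse .reg export text into {key path (lowercase): {value name (lowercase): raw data}}."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].lower(), {})
        elif current is not None:
            m = re.match(r'"([^"]+)"=(.*)$', line)
            if m:
                current[m.group(1).lower()] = m.group(2)
    return keys

def find_indicators(text):
    """Return the indicators from the description that appear in the export."""
    keys = parse_reg(text)
    hits = []
    sfc = keys.get(WINLOGON.lower(), {}).get("sfcdisable", "")
    m = re.fullmatch(r"dword:([0-9a-fA-F]{1,8})", sfc)
    if m and int(m.group(1), 16) == 4:
        hits.append("Winlogon\\SFCDisable = 4")
    for key in SERVICE_KEYS:
        prefix = key.lower()
        # The key itself or any of its subkeys counts as present.
        if any(p == prefix or p.startswith(prefix + "\\") for p in keys):
            hits.append(key)
    return hits

# Constructed sample export, not captured from a real system.
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="Explorer.exe"
"SFCDisable"=dword:00000004

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DomainService]
"Start"=dword:00000002
'''

if __name__ == "__main__":
    for hit in find_indicators(SAMPLE):
        print("indicator present:", hit)
```

A match is a lead for further triage of the host, since the check covers only the registry changes and not the network or process behaviour in a) and d).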