Home / malware Trojan:Win32/Mupad.A
First posted on 30 January 2017.
Source: MicrosoftAliases :
There are no other names known for Trojan:Win32/Mupad.A.
Explanation :
This threat may be downloaded from torrent sites with the following filename:
ScriptWriter.exe
It changes the following registry entry so that it runs each time you start your PC:
In subkey: HKU\Administrator\Software\Microsoft\Windows\CurrentVersion\RunOnce
Sets value: "", for example "aywlvfodah"
With data: "ScriptWriter.exe"
It can connect to a remote server to send and receive information and possibly to download an updated copy of itself. We have observed this threat connecting to the following remote servers:
- g.tvilikho.ru
- g.delyemo.ru
- g.azmagis.ru
Last update 30 January 2017
