Trojan:Win32/Disabler.K
First posted on 24 September 2010.
Source: SecurityHome
Aliases:
Trojan:Win32/Disabler.K is also known as Win-Trojan/Securisk (AhnLab), W32/VB-Wird-based!Maximus (Authentium (Comma, Trojan.Win32.Vilsel.bxb (Kaspersky), W32/Suspicious_Gen.CKJL (Norman), Win32/Gpcode.F (AVG), TR/Crypt.FKM.Gen (Avira), Trojan.RegistryDisabler.cm0@aGSjQ5mi (BitDefender), Trojan.Win32.Vilsel (Ikarus), Trojan.Win32.Generic!BT (Sunbelt Software).
Explanation:
Trojan:Win32/Disabler.K is a trojan that disables the infected computer's Windows Firewall and modifies other system settings.
Payload
Modifies system settings
Trojan:Win32/Disabler.K modifies the computer's system settings by making modifications to the registry. It makes the following modifications:
Disables the Windows Firewall:
In subkey: HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
Sets value: "EnableFirewall"
With data: "0"
Disables the Folder Options dialog of Windows Explorer (so that, for example, a user cannot change the options to view hidden files and folders):
In subkey: HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
Sets value: "NofolderOptions"
With data: "1"
Ensures that a user cannot view and stop processes using Task Manager:
In subkey: HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System
Sets value: "DisableTaskMgr"
With data: "1"
Prevents the user from running the Registry Editor:
In subkey: HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System
Sets value: "DisableRegistryTools"
With data: "1"
Closes applications
Trojan:Win32/Disabler.K prevents the user from running certain administration tools by killing the window of any application that contains the following text in its title:
Remote Administrator v2.1 Setup
Registry Editor
Options for Remote Administrator server 2.1
Tuneup Registry Editor
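An added example, not part of the original write-up: a PowerShell audit that checks the four registry values listed above for the data this trojan sets and, with -Remediate, restores the Windows defaults. It assumes an elevated PowerShell session on the affected machine; the value names are taken from this page (the registry compares them case-insensitively).

```powershell
# Registry indicators documented for Trojan:Win32/Disabler.K on this page.
# Bad     = data the trojan writes
# Restore = data to write back ($null means delete the policy value, which
#           returns Windows to its default behaviour)
$indicators = @(
    @{ Path = 'HKLM:\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile'
       Name = 'EnableFirewall';       Bad = 0; Restore = 1 },
    @{ Path = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'
       Name = 'NofolderOptions';      Bad = 1; Restore = $null },
    @{ Path = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System'
       Name = 'DisableTaskMgr';       Bad = 1; Restore = $null },
    @{ Path = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System'
       Name = 'DisableRegistryTools'; Bad = 1; Restore = $null }
)

function Test-DisablerIndicators {
    param([switch]$Remediate)   # without -Remediate the function only reports
    foreach ($i in $indicators) {
        $prop = Get-ItemProperty -Path $i.Path -Name $i.Name -ErrorAction SilentlyContinue
        if ($null -eq $prop) { continue }          # value absent: Windows default, nothing to do
        $data = [int]$prop.($i.Name)               # cast covers REG_DWORD and a REG_SZ "0"/"1"
        if ($data -ne $i.Bad) { continue }
        [pscustomobject]@{
            Key    = $i.Path
            Value  = $i.Name
            Data   = $data
            Status = 'matches Disabler.K payload'
        }
        if ($Remediate) {
            if ($null -eq $i.Restore) {
                Remove-ItemProperty -Path $i.Path -Name $i.Name
            } else {
                Set-ItemProperty -Path $i.Path -Name $i.Name -Value $i.Restore -Type DWord
            }
        }
    }
}

# Report only; run "Test-DisablerIndicators -Remediate" to restore the defaults.
Test-DisablerIndicators
```

HKCU values are per user, so run the audit in the context of each affected account; the firewall value lives under HKLM and needs administrator rights to change.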
Analysis by Amir Fouda
Last update 24 September 2010