
Trojan.Mentono


First posted on 25 September 2015.
Source: Symantec

Aliases :

There are no other names known for Trojan.Mentono.

Explanation :

The Trojan may be downloaded to the computer by other malware or may arrive through visiting malicious websites.

When the Trojan is executed, it creates the following folders:

%UserProfile%\Local Settings\Tempfolder\[RANDOM CHARACTERS]
%System%\[RANDOM CHARACTERS]\[RANDOM CHARACTERS]
%System%\[RANDOM CHARACTERS]
%UserProfile%\Application Data\[RANDOM CHARACTERS]

Next, the Trojan creates the following files:

%System%\[RANDOM CHARACTERS]\[RANDOM CHARACTERS]\[RANDOM CHARACTERS].dat
%UserProfile%\Application Data\[RANDOM CHARACTERS]\uninstaller.exe
%UserProfile%\Local Settings\Tempfolder\[RANDOM CHARACTERS]\[RANDOM CHARACTERS].exe
%UserProfile%\Local Settings\Tempfolder\[RANDOM CHARACTERS]\[RANDOM CHARACTERS].dll

The Trojan then modifies the following file:

%System%\dnsapi.dll

The Trojan then creates the following registry entry:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\"cmdrun" = "cmd.exe /C ipconfig /flushdns"

Next, the Trojan creates one of the following mutexes:

Global\Matil da
Global\Nopel Mento

The Trojan then redirects users accessing particular legitimate websites to the following remote locations:

107.178.255.88
107.178.247.130
107.178.248.130

These remote locations may further compromise the computer with additional spyware and adware.
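
A read-only host triage for the artifacts listed above, as an added example that is not part of the Symantec write-up. The function name `Test-MentonoArtifacts` is hypothetical, and the script assumes %System% is the System32 folder and %UserProfile%\Application Data resolves to %APPDATA%.

```powershell
# Added example: read-only triage for the artifacts listed in this write-up.
# Test-MentonoArtifacts is a hypothetical name. Run from an elevated 64-bit prompt.
function Test-MentonoArtifacts {
    $findings = @()

    # RunOnce value from the write-up. RunOnce values are deleted when they run,
    # so a missing value after a reboot does not clear the host.
    $key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
    $val = (Get-ItemProperty -Path $key -Name 'cmdrun' -ErrorAction SilentlyContinue).cmdrun
    if ($val) { $findings += "RunOnce cmdrun = $val" }

    # Mutex names copied exactly as printed on the page.
    foreach ($name in 'Global\Matil da', 'Global\Nopel Mento') {
        $m = $null
        try {
            if ([System.Threading.Mutex]::TryOpenExisting($name, [ref]$m)) {
                $findings += "Mutex present: $name"
                $m.Dispose()
            }
        } catch [System.UnauthorizedAccessException] {
            # The object exists but its ACL denies access: still a hit.
            $findings += "Mutex present (access denied): $name"
        }
    }

    # A patched system DLL no longer verifies. Older PowerShell releases that do
    # not evaluate catalog signatures can report a clean file as NotSigned.
    $dll = Join-Path $env:SystemRoot 'System32\dnsapi.dll'
    $sig = Get-AuthenticodeSignature -FilePath $dll
    if ($sig.Status -ne 'Valid') { $findings += "$dll signature: $($sig.Status)" }

    # uninstaller.exe one folder below Application Data. Legitimate software
    # uses this file name too, so these are leads to review, not verdicts.
    $pattern = Join-Path $env:APPDATA '*\uninstaller.exe'
    $files = Get-ChildItem -Path $pattern -Force -ErrorAction SilentlyContinue
    foreach ($f in $files) { $findings += "Review: $($f.FullName)" }

    # Live TCP connections to the redirect addresses listed on the page.
    $ips = '107.178.255.88', '107.178.247.130', '107.178.248.130'
    $conns = Get-NetTCPConnection -RemoteAddress $ips -ErrorAction SilentlyContinue
    foreach ($c in $conns) {
        $findings += "Connection to $($c.RemoteAddress):$($c.RemotePort), PID $($c.OwningProcess)"
    }

    $findings
}

Test-MentonoArtifacts
```

If the signature check is inconclusive, `sfc /verifyfile=C:\Windows\System32\dnsapi.dll` gives a second opinion on the DLL.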

Last update 25 September 2015

 
