
Trojan.Injector.CZ


First posted on 21 November 2011.
Source: BitDefender

Aliases :

Trojan.Injector.CZ is also known as TR/Crypt.XPACK.Gen (Avira).

Explanation :

Once executed, it runs svchost.exe, passing its own file name as a parameter, in order to be loaded by services.exe. It then opens the svchost process and overwrites part of its memory with its own code and data (this is why the svchost.exe process may be detected as Trojan.Injector.CZ in memory dumps). Next it creates a remote thread in this process, which connects to various web sites and attempts to download other malware components.
Because it runs as svchost, certain firewalls may be bypassed. It may also create various .tmp files in the current folder, with names composed of hexadecimal digits (0 to 9 and A to F).
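
A triage sketch for the two host artifacts described above, added here as an example and not taken from the BitDefender write-up: it flags svchost.exe launches whose command line carries no -k service group, then reports hex-named .tmp files written by those same processes. The event fields (type, pid, command_line, path), the sample events and the choice to attribute the .tmp files to the flagged svchost.exe PID are assumptions made for illustration.

```python
import ntpath
import re
import shlex

HEX_TMP = re.compile(r"^[0-9A-Fa-f]+\.tmp$")  # hex-digit name, .tmp extension

def svchost_args(command_line):
    """Arguments of a svchost.exe command line, or None for other images."""
    parts = [p.strip('"') for p in shlex.split(command_line, posix=False)]
    if not parts or ntpath.basename(parts[0]).lower() != "svchost.exe":
        return None
    return parts[1:]

def is_suspicious_svchost(command_line):
    """Assumed heuristic: a service host is started as 'svchost.exe -k <group>'."""
    args = svchost_args(command_line)
    return args is not None and "-k" not in [a.lower() for a in args]

def triage(events):
    """Return (pid, finding) pairs: odd svchost launches and their hex .tmp files."""
    flagged, findings = set(), []
    for ev in events:
        if ev["type"] == "process" and is_suspicious_svchost(ev["command_line"]):
            flagged.add(ev["pid"])
            findings.append((ev["pid"], "svchost.exe started without -k: " + ev["command_line"]))
        elif ev["type"] == "file" and ev["pid"] in flagged:
            if HEX_TMP.match(ntpath.basename(ev["path"])):
                findings.append((ev["pid"], "hex-named .tmp file: " + ev["path"]))
    return findings

# Constructed sample events (not taken from a real host or from the source page).
SAMPLE_EVENTS = [
    {"type": "process", "pid": 812, "command_line": r"C:\Windows\System32\svchost.exe -k netsvcs"},
    {"type": "process", "pid": 4120, "command_line": r'C:\Windows\System32\svchost.exe "C:\Users\demo\sample.exe"'},
    {"type": "file", "pid": 4120, "path": r"C:\Users\demo\3FA9C0.tmp"},
    {"type": "file", "pid": 4120, "path": r"C:\Users\demo\notes.tmp"},
    {"type": "file", "pid": 812, "path": r"C:\Windows\Temp\0A1B.tmp"},
]

if __name__ == "__main__":
    for pid, finding in triage(SAMPLE_EVENTS):
        print(pid, finding)
```

Hex-named .tmp files are common in benign software, which is why the sketch only reports them for a process already flagged by its command line.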

Last update 21 November 2011

 
