Home / malware TrojanDownloader:Win32/Romst.A
First posted on 07 October 2014.
Source: MicrosoftAliases :
There are no other names known for TrojanDownloader:Win32/Romst.A.
Explanation :
Threat behavior
Installation
TrojanDownloader:Win32/Romst.A copies itself to c:\documents and settings\administrator\local settings\temp\windys.exe. The malware creates the following files on your PC:
- c:\documents and settings\administrator\local settings\application data\microsoft\internet explorer\services\search_{0633ee93-d776-472f-a0ff-e1416b8b2e3a}.ico
Payload
Contacts remote hosts
TrojanDownloader:Win32/Romst.A may contact the following remote hosts using port 80:
- 137.175.4.150
- www.live.com
Commonly, malware does this to:This malware description was produced and published using automated analysis of file SHA1 1ca7c0acd771a92a4db00b04bee6008fa4d17c3e.Symptoms
- Confirm Internet connectivity
- Report a new infection to its author
- Receive configuration or other data
- Download and run files, including updates or other malware
- Receive instructions from a remote hacker
- Upload data taken from your PC
System changes
The following could indicate that you have this threat on your PC:
- You have these files:
c:\documents and settings\administrator\local settings\application data\microsoft\internet explorer\services\search_{0633ee93-d776-472f-a0ff-e1416b8b2e3a}.ico
c:\documents and settings\administrator\local settings\temp\windys.exeLast update 07 October 2014
