
Trojan.FatObfus.Gen


First posted on 21 November 2011.
Source: BitDefender

Aliases :

There are no other names known for Trojan.FatObfus.Gen.

Explanation :

Trojan.FatObfus is an automatically obfuscated file that acts as a downloader. Most of the time, it downloads different versions of the Swizzor Trojan. Sometimes a QHost Trojan is also created. If it downloads the Swizzor Trojan, the following artifacts might appear on your computer:
Files with random names (like 64a892.exe) in your temp directory (usually C:\Documents and Settings\Administrator\Local Settings\Temp)
The Application Data directory may contain directories whose names consist of two or three words (like “time more” or “Tool meow bar”)
%systemdir%/drivers/host is modified.

Also, some registry keys might be added to ensure that these processes run when Windows starts:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run will have a key that runs one of the programs in the Application Data directory
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects will also have a key that runs one of the programs in the Application Data directory (usually an adware component that runs with Internet Explorer)
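The artifacts listed above can be combined into a simple triage pass over exported autorun and temp-directory listings. This is an added example, not BitDefender's detection logic: the record layout, the helper names, the sample data and the six-hex-digit file name pattern (generalized from 64a892.exe) are assumptions, and the results are leads for review rather than a verdict.

```python
import re
from pathlib import PureWindowsPath

RUN_KEY = r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run"
BHO_KEY = r"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects"

# Directory name made of two or three space-separated words ("time more").
WORD_DIR = re.compile(r"^[A-Za-z]+( [A-Za-z]+){1,2}$")
# Assumption: "random name" temp files look like the page's 64a892.exe (six hex digits).
TEMP_EXE = re.compile(r"^[0-9a-f]{6}\.exe$", re.IGNORECASE)

def appdata_word_dir(path):
    """Return the two/three-word folder directly under Application Data, else None."""
    parts = PureWindowsPath(path).parts
    lowered = [p.lower() for p in parts]
    if "application data" not in lowered:
        return None
    i = lowered.index("application data")
    # Need Application Data\<folder>\<file>, with a multi-word folder name.
    if i + 2 < len(parts) and WORD_DIR.match(parts[i + 1]):
        return parts[i + 1]
    return None

def triage(autoruns, temp_files):
    """Return (kind, location, path) leads for an analyst to review; not a verdict."""
    leads = []
    for key, _name, target in autoruns:
        if key in (RUN_KEY, BHO_KEY) and appdata_word_dir(target):
            leads.append(("autorun", key, target))
    for path in temp_files:
        if TEMP_EXE.match(PureWindowsPath(path).name):
            leads.append(("temp-exe", "Temp", path))
    return leads

# Constructed sample data (not taken from a real infection).
PROFILE = r"C:\Documents and Settings\Administrator"
SAMPLE_AUTORUNS = [
    (RUN_KEY, "time more", PROFILE + r"\Application Data\time more\time more.exe"),
    (BHO_KEY, "{CLSID-PLACEHOLDER}", PROFILE + r"\Application Data\Tool meow bar\bar.dll"),
    (RUN_KEY, "ctfmon.exe", r"C:\WINDOWS\system32\ctfmon.exe"),
    (RUN_KEY, "Updater", PROFILE + r"\Application Data\Vendor\update.exe"),
]
SAMPLE_TEMP = [PROFILE + r"\Local Settings\Temp\64a892.exe",
               PROFILE + r"\Local Settings\Temp\setup.log"]

if __name__ == "__main__":
    for lead in triage(SAMPLE_AUTORUNS, SAMPLE_TEMP):
        print(lead)
```

Legitimate software can also install into multi-word Application Data folders, so each lead should be checked against the file itself before any cleanup.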

Last update 21 November 2011

 
