Home / malware Trojan.Spy.Wsnpoem.HA
First posted on 21 November 2011.
Source: BitDefenderAliases :
There are no other names known for Trojan.Spy.Wsnpoem.HA.
Explanation :
At execution this malware is a trojan that copies itself in %WINDIR%system32
tos.exe (or C:Documents and settings\%username%Application Data) and he will create a registry key in order to make sure it will be executed after every reboot.
He will inject in svchost.exe and winlogon.exe and he can provide backdoor and proxy server capabilities.Last update 21 November 2011