Home / malware Trojan.Cidox.D
First posted on 14 October 2014.
Source: SymantecAliases :
There are no other names known for Trojan.Cidox.D.
Explanation :
When the Trojan is executed, it copies itself to the following location:
%System%\cmdivvox.exe
Note: In order to hide its presence, the Trojan delete the original executed samples.
The Trojan creates the following registry entry so that it runs every time Windows starts:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\avicnd3d = "%System%\cmdivvox.exe"
The Trojan opens a back door on the compromised computer and connects to the following remote server:
musicvideotips.ru
The Trojan may perform the following actions:
Inject malicious code into explorer.exe to hide itselfInject code into browsers to steal data or inject its own data into the browser processesLog keystrokes and embed them in CAB filesSteal usernames and passwords associated with mail clients
The Trojan may steal the following information from the compromised computer:
Installed servicesComputer nameIP addressOperating systemAvailable physical memoryInstalled software
The Trojan may contact the remote server and send stolen information back to it.Last update 14 October 2014