Home / malware

PDF

Trojan:Win32/Emuni.A

First posted on 17 September 2010.
Source: SecurityHome

Aliases :

Trojan:Win32/Emuni.A is also known as Trojan.Win32.KillProc.bs (Kaspersky), TR/Killproc.BS (Avira), Trojan.Fakealert.18759 (Dr.Web), Win32/KillProc.NAJ (ESET), Trojan.Win32.KillProc (Ikarus).

Explanation :

Trojan:Win32/Emuni.A is a detection for a trojan component of the rogue Win32/Rudoct. The trojan terminates certain security-related processes.
Top

Trojan:Win32/Emuni.A is a detection for a trojan component of the rogue Win32/Rudoct. The trojan terminates certain security-related processes. InstallationThis trojan may be installed by other malware such as Rogue:Win32/Rudoct and may be present as the following:

%ProgramFiles%\Def Group\PC Defender\prockill32.exe

Payload Terminates certain processesThis trojan component is run by Win32/Rudoct to terminate the following security-related processes:

msconfig.exe - Microsoft Configuration utility

taskmgr.exe - Windows Task Manager

rstrui.exe - Windows system restore

regedit.exe - Windows Registry Editor

mbam.exe - MalwareBytes Antimalware utility

pctsGui.exe - utility application

ExterminateIt.exe - utility application

ccleaner.exe - utility application

procexp.exe - Microsoft/Sysinternals Process Explorer

Analysis by Daniel Radu

Last update 17 September 2010

 

TOP