Home / malware Trojan:Win32/Ceensol.A
First posted on 01 April 2014.
Source: MicrosoftAliases :
There are no other names known for Trojan:Win32/Ceensol.A.
Explanation :
Threat behavior
Installation
Trojan:Win32/Ceensol.A creates the following files on your PC:
- c:\documents and settings\administrator\application data\extension.dll
- c:\documents and settings\administrator\application data\mcsconfig.exe
- c:\documents and settings\administrator\application data\registerymane.cmd
- c:\documents and settings\administrator\application data\winregist.er
- c:\documents and settings\administrator\local settings\application data\google\chrome\user data\default\preferences
- c:\documents and settings\administrator\local settings\temp\$inst\2.tmp
- c:\documents and settings\administrator\local settings\temp\$inst\temp_0.tmp
Payload
Contacts remote host
Trojan:Win32/Ceensol.A might contact a remote host at likeshitbox.com using port 80. Commonly, malware does this to:This malware description was produced and published using automated analysis of file SHA1 47cadc6f72686d80c1050d1d96876c50aadac03f.Symptoms
- Report a new infection to its author
- Receive configuration or other data
- Download and run files, including updates or other malware
- Receive instructions from a remote hacker
- Upload data taken from your PC
System changes
The following could indicate that you have this threat on your PC:
- You have these files:
c:\documents and settings\administrator\application data\extension.dll
c:\documents and settings\administrator\application data\mcsconfig.exe
c:\documents and settings\administrator\application data\registerymane.cmd
c:\documents and settings\administrator\application data\winregist.er
c:\documents and settings\administrator\local settings\application data\google\chrome\user data\default\preferences
c:\documents and settings\administrator\local settings\temp\$inst\2.tmp
c:\documents and settings\administrator\local settings\temp\$inst\temp_0.tmpLast update 01 April 2014
