
Trojan.Buzus.CV


First posted on 21 November 2011.
Source: BitDefender

Aliases :

Trojan.Buzus.CV is also known as Trojan.Win32.Buzus.auer, Win32/CeeInject.gen!A.

Explanation :

Once executed, the file starts a new process with the same name. It injects an executable into that process's memory and then drops it into the system folder as a file called netmon.exe. To ensure that it is executed every time the system starts up, it creates a registry entry under HKLM\SOFTWARE\Microsoft\CurrentVersion\Run whose value is the executable dropped into the system folder.

Netmon.exe drops a driver called sysdrv32.sys into the %system%\drivers folder and registers it as a service. To spread, it scans for removable drives and copies itself onto them, where it is executed through an autorun.inf file.

To protect itself, it is hidden from user mode.
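The artifacts described above can be checked on a live host with a short triage script. This is an added example, not BitDefender's code; it assumes that %system% means the System32 directory and that the Run key in the description is the standard HKLM ...\Windows\CurrentVersion\Run key.

```powershell
# Added triage example. File and driver names come from the description above;
# the Run key path and the meaning of %system% (System32) are assumptions.
$sys = [Environment]::SystemDirectory
$findings = New-Object System.Collections.Generic.List[string]

# 1. Dropped files: netmon.exe and the sysdrv32.sys driver
foreach ($p in @((Join-Path $sys 'netmon.exe'), (Join-Path $sys 'drivers\sysdrv32.sys'))) {
    if (Test-Path -LiteralPath $p) { $findings.Add("file present: $p") }
}

# 2. Run-key persistence whose value points at netmon.exe
$runKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'   # assumed key
$run = Get-ItemProperty -Path $runKey -ErrorAction SilentlyContinue
if ($run) {
    foreach ($prop in $run.PSObject.Properties) {
        # Skip the PSPath/PSProvider properties PowerShell adds to the result
        if ($prop.Name -notlike 'PS*' -and "$($prop.Value)" -match 'netmon\.exe') {
            $findings.Add("Run value '$($prop.Name)' -> $($prop.Value)")
        }
    }
}

# 3. Kernel driver service backed by sysdrv32.sys
Get-CimInstance Win32_SystemDriver -ErrorAction SilentlyContinue |
    Where-Object { $_.PathName -match 'sysdrv32\.sys' } |
    ForEach-Object { $findings.Add("driver service '$($_.Name)' state=$($_.State)") }

# 4. autorun.inf on removable drives (DriveType 2) and what it launches
Get-CimInstance Win32_LogicalDisk -Filter 'DriveType=2' -ErrorAction SilentlyContinue |
    ForEach-Object {
        $inf = Join-Path "$($_.DeviceID)\" 'autorun.inf'
        if (Test-Path -LiteralPath $inf) {
            $launch = Get-Content -LiteralPath $inf -ErrorAction SilentlyContinue |
                Where-Object { $_ -match '^\s*(open|shellexecute)\s*=' }
            $findings.Add("autorun.inf on $($_.DeviceID): $($launch -join '; ')")
        }
    }

if ($findings.Count) { $findings } else { 'No indicators visible from user mode.' }
```

Because the description says the threat is hidden from user mode, an empty result on a running system is not conclusive; the same file and registry checks are more reliable against an offline or mounted copy of the disk.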

Last update 21 November 2011

 
