Home / malware Trojan:Win32/Hicsten.A
First posted on 23 October 2010.
Source: SecurityHomeAliases :
Trojan:Win32/Hicsten.A is also known as W32/Threat-SysVenFak-based!Maximus (Authentium &, TR/ATRAPS.Gen (Avira), Trojan.Generic.4825119 (BitDefender), Trojan.Win32.Generic.5204BFB8 (Rising AV), Mal/Behav-160 (Sophos).
Explanation :
Trojan:Win32/Hicsten.A is a trojan that poses as a system utility and can open command shell with system privileges.
Top
Trojan:Win32/Hicsten.A is a trojan that poses as a system utility and can open command shell with system privileges. The trojan is intended to replace the file <system folder>\sethc.exe, which is the system utility for Sticky Keys. Thus when a key sequence is used, the trojan is invoked instead of the system utility. Note: <system folder> refers to a variable location that is determined by the malware by querying the Operating System. The default installation location for the System folder for Windows 2000 and NT is C:\Winnt\System32; and for XP, Vista, and 7 is C:\Windows\System32. The trojan also displays a fake message box intended to fool the user into accepting it as the Sticky Keys utility, as seen below: The trojan can open a command prompt with elevated privileges.
Analysis by Ray RobertsLast update 23 October 2010