Trojan:Win32/Mvpaten.A
First posted on 08 June 2010.
Source: SecurityHome
Aliases :
There are no other names known for Trojan:Win32/Mvpaten.A.
Explanation :
Trojan:Win32/Mvpaten.A is a trojan that runs other malware components installed along with it.
Installation

When run, depending on the parameter given, Trojan:Win32/Mvpaten.A first traverses the following registry keys:

    HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall
    HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall

In these keys, it looks for the following strings, which are related to security software, in the keys' DisplayName registry values:

    avast
    avira
    nod32
    kaspersky
    norton
    mcafee
    trend micro
    comodo

If none are found, Trojan:Win32/Mvpaten.A copies and runs itself as "netset.exe" in the current folder.

Payload

Executes other components

Trojan:Win32/Mvpaten.A reads in the contents of another file named "plang.enu", presumably another component of this malware, and writes it as either "ntsd.tmp" or "pdat<3 random digits>.tmp".

Removes traces of itself

Trojan:Win32/Mvpaten.A deletes traces or files created by it during the process, which may include the following:

    dtnet.exe
    dtnet.dat
    plang.enu
    dsten.log

It also tries to remove the following registry value, if found:

    Value: "netset"
    In subkey: HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Analysis by Jireh Sanico
Last update 08 June 2010
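A triage check for the file names and Run value listed above, written as an added example that is not part of the original analysis. It assumes a file listing and the text output of `reg query` on the Run subkey have already been collected from the host; the function names and sample data are constructed, and a name match is a lead to investigate, not confirmation.

```python
import re

# Indicators taken from the write-up above; name matches are triage leads only.
FILE_NAMES = {"netset.exe", "plang.enu", "ntsd.tmp",
              "dtnet.exe", "dtnet.dat", "dsten.log"}
PDAT_TMP = re.compile(r"pdat\d{3}\.tmp", re.IGNORECASE)  # "pdat<3 random digits>.tmp"
RUN_VALUE = "netset"

# One value line of `reg query` output: 4 spaces, name, 4 spaces, type, 4 spaces, data
REG_LINE = re.compile(r"^ {4}(?P<name>.+?) {4}(?P<type>REG_[A-Z_]+) {4}(?P<data>.*)$")


def match_files(paths):
    """Return paths whose base name matches a file name from the write-up."""
    hits = []
    for path in paths:
        # Windows file names are case-insensitive; accept either path separator.
        base = re.split(r"[\\/]", path)[-1].lower()
        if base in FILE_NAMES or PDAT_TMP.fullmatch(base):
            hits.append(path)
    return hits


def match_run_values(reg_query_output):
    """Return (name, data) for Run values named "netset" in `reg query` text."""
    hits = []
    for line in reg_query_output.splitlines():
        m = REG_LINE.match(line)
        # Registry value names are case-insensitive.
        if m and m.group("name").strip().lower() == RUN_VALUE:
            hits.append((m.group("name"), m.group("data")))
    return hits


# Constructed sample input (not from a real host)
SAMPLE_FILES = [
    r"C:\Users\alice\Downloads\netset.exe",
    r"C:\Users\alice\Downloads\PDAT042.TMP",
    r"C:\Users\alice\Downloads\pdat1234.tmp",   # four digits: no match
    r"C:\Windows\System32\ntsd.exe",            # different extension: no match
]
SAMPLE_REG = (
    "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\n"
    "    SecurityHealth    REG_EXPAND_SZ    %windir%\\system32\\SecurityHealthSystray.exe\n"
    "    netset    REG_SZ    C:\\Users\\alice\\Downloads\\netset.exe\n"
)

if __name__ == "__main__":
    for p in match_files(SAMPLE_FILES):
        print("file:", p)
    for name, data in match_run_values(SAMPLE_REG):
        print("run value:", name, "->", data)
```

Because the trojan deletes several of these files and tries to remove the Run value itself, an empty result does not rule out earlier execution.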