Home / malwarePDF  

Trojan:Win32/Camec.A


First posted on 10 September 2010.
Source: SecurityHome

Aliases :

Trojan:Win32/Camec.A is also known as Trojan.Win32.BHO.akns (Kaspersky), TR/BHO.akns (Avira), Trojan.BhoSiggen.3775 (Dr.Web), Trojan.Win32.BHO (Ikarus).

Explanation :

Trojan:Win32/Camec.A is a detection for a component of TrojanSpy:Win32/Camec.A. It disables User Account Control and updates another malware.
Top

Trojan:Win32/Camec.A is a detection for a component of TrojanSpy:Win32/Camec.A. It disables User Account Control and updates another malware. Installation Trojan:Win32/Camec.A is downloaded and installed by TrojanDownloader:Win32/Camec.A as a Browser Helper Object (BHO). It may be present in the computer as the following file: <system folder>\soundupkd.dll Note: <system folder> refers to a variable location that is determined by the malware by querying the Operating System. The default installation location for the System folder for Windows 2000 and NT is C:\Winnt\System32; and for XP, Vista, and 7 is C:\Windows\System32. Payload Disables User Account Control (UAC) Trojan:Win32/Camec.A disables User Account Control (UAC) by modifying the following registry entry: Sets value: "EnableLUA" With data: "0x00000000" In subkey: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ Updates other malware Trojan:Win32/Camec.A connects to a remote server, where it checks if there is an update for TrojanSpy:Win32/Camec.A. If one is available, it downloads and installs it.

Analysis by Daniel Radu

Last update 10 September 2010

 

TOP