Trojan:W32/Vilsel


First posted on 18 November 2009.
Source: SecurityHome

Aliases :

Trojan:W32/Vilsel is also known as TrojanDownloader:Win32/Agent.KY (Microsoft), Vilsel trojan (McAfee).

Explanation :

A trojan, or trojan horse, is a seemingly legitimate program which secretly performs other, usually malicious, functions. It is usually user-initiated and does not replicate.

Additional Details

Variants in the Trojan:W32/Vilsel family download a file onto the system. While active, the trojan also connects to and downloads files from the following website:

  • http://fc.webmasterpro.de/as_[...].php?name=run

Registry Changes

Trojan:W32/Vilsel disables the Windows firewall by modifying the registry entry:

  • HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
    EnableFirewall = 0

It also makes changes to the following registry keys:

  • HKU\S-1-5-21-299502267-823518204-839522115-1003\Software\Microsoft\windows\CurrentVersion\Internet Settings
    MigrateProxy = 1
  • HKU\S-1-5-21-299502267-823518204-839522115-1003\Software\Microsoft\windows\CurrentVersion\Internet Settings
    ProxyEnable = 0
  • HKLM\SYSTEM\CURRENTCONTROLSET\HARDWARE PROFILES\CURRENT\Software\Microsoft\windows\CurrentVersion\Internet Settings
    ProxyEnable = 0
  • HKU\S-1-5-21-299502267-823518204-839522115-1003
    SavedLegacySettings =
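
A triage check for the registry changes listed above, as an added example that is not part of the original write-up: it parses `reg export` text and reports keys that hold the listed values. The suffix matching, the constructed sample export and the function names are assumptions of this example.

```python
import re

# (key suffix, value name, data) as listed in the write-up. Suffix matching is an
# assumption of this example: the SID shown there belongs to the analysed machine.
# ProxyEnable=0 and MigrateProxy=1 also occur on clean hosts; treat them as context.
FW = r"\sharedaccess\parameters\firewallpolicy\standardprofile"
INET = r"\software\microsoft\windows\currentversion\internet settings"
INDICATORS = [(FW, "enablefirewall", 0), (INET, "migrateproxy", 1), (INET, "proxyenable", 0)]
KEY_RE = re.compile(r"^\[(.+)\]$")
DWORD_RE = re.compile(r'^"([^"]+)"=dword:([0-9a-fA-F]{8})$')

def parse_reg_export(text):
    """Parse .reg text into {lowercased key: {lowercased value name: int}} (DWORDs only)."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if m := KEY_RE.match(line):
            current = keys.setdefault(m.group(1).lower(), {})
        elif (m := DWORD_RE.match(line)) and current is not None:
            current[m.group(1).lower()] = int(m.group(2), 16)
    return keys

def match_indicators(text):
    """Return sorted (key, value name, data) tuples matching the listed registry changes."""
    return sorted(
        (key, name, data)
        for key, values in parse_reg_export(text).items()
        for suffix, name, data in INDICATORS
        if key.endswith(suffix) and values.get(name) == data
    )

# Constructed sample in `reg export` layout (real exports are UTF-16; decode first).
SAMPLE = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall"=dword:00000001

[HKEY_USERS\S-1-5-21-0-0-0-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable"=dword:00000000
"MigrateProxy"=dword:00000001
"""

if __name__ == "__main__":
    print(*match_indicators(SAMPLE), sep="\n")
```

A hit on `EnableFirewall = 0` is the one worth escalating; the proxy values only add weight when they appear alongside it.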

Last update 18 November 2009

 
