Trojan.Scieron.B
First posted on 12 August 2014.
Source: Symantec
Aliases:
There are no other names known for Trojan.Scieron.B.
Explanation:
The Trojan must be downloaded and installed manually.
When the Trojan is executed, it creates the following files:
%UserProfile%\AppData\Local\Temp\hidsvc.dat
%Windir%\Drivers\hidsvc.sys
%Windir%\seclog32.dll
%System%\msoert32.dll
Next, the Trojan modifies the following file:
%System%\sysprep\CRYPTBASE.DLL
The Trojan then creates the following registry entry:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\seclogon\Parameters\"ServiceDll" = "%Windir%\seclog32.dll"
The Trojan then connects to the following remote locations:
autohome.suroot.com
autohome.serveuser.com
The Trojan may then perform the following actions:
Listen for incoming connections
Open a command shell for the remote attacker
Allow the remote attacker to execute commands on the compromised computer
Create, list, and remove processes, files, and registry entries
Gather cached URLs and recently opened files
Last update 12 August 2014
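A read-only host check for the files and the seclogon ServiceDll entry listed above, as an added example that is not part of the original write-up. It assumes that %System% on this page means %Windir%\System32 and that the stock ServiceDll value is %Windir%\System32\seclogon.dll; the Add-Finding helper is a name made up for this example.

```powershell
# Added example: read-only check for the indicators listed on this page.
# Run from an elevated 64-bit PowerShell so System32 is not redirected.
# Assumptions: %System% = %Windir%\System32; stock seclogon ServiceDll is
# %Windir%\System32\seclogon.dll.
$system   = Join-Path $env:windir 'System32'
$findings = New-Object System.Collections.Generic.List[object]

function Add-Finding([string]$Kind, [string]$Item, [string]$Detail) {
    $findings.Add([pscustomobject]@{ Kind = $Kind; Item = $Item; Detail = $Detail })
}

# Machine-wide files named on the page.
$paths = @(
    (Join-Path $env:windir 'Drivers\hidsvc.sys'),
    (Join-Path $env:windir 'seclog32.dll'),
    (Join-Path $system 'msoert32.dll'),
    (Join-Path $system 'sysprep\CRYPTBASE.DLL')
)

# hidsvc.dat is per-user, so look in every profile's Temp directory.
$profileKey   = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList'
$profilesRoot = (Get-ItemProperty -Path $profileKey).ProfilesDirectory
$paths += Get-ChildItem -Path $profilesRoot -Directory -Force -ErrorAction SilentlyContinue |
    ForEach-Object { Join-Path $_.FullName 'AppData\Local\Temp\hidsvc.dat' }

foreach ($p in $paths) {
    if (Test-Path -LiteralPath $p) {
        $f = Get-Item -LiteralPath $p -Force
        Add-Finding 'File' $p ("present, modified {0:u}" -f $f.LastWriteTimeUtc)
    }
}

# ServiceDll is REG_EXPAND_SZ; Get-ItemProperty returns it already expanded.
# String comparison with -ne is case-insensitive.
$svcKey   = 'HKLM:\SYSTEM\CurrentControlSet\Services\seclogon\Parameters'
$dll      = (Get-ItemProperty -Path $svcKey -Name ServiceDll -ErrorAction SilentlyContinue).ServiceDll
$expected = Join-Path $system 'seclogon.dll'
if ($dll -and ($dll -ne $expected)) {
    Add-Finding 'Registry' "$svcKey\ServiceDll" "points to $dll, expected $expected"
}

if ($findings.Count -eq 0) {
    'No listed indicators found.'
} else {
    $findings | Format-Table -AutoSize -Wrap
}
```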