Posts Tagged ‘Trojan.Winlock.7372’

Malware, Trojan Horse

Virus: Trojan.Winlock.7372

Added to the Dr.Web virus database: 2012-11-14
Inserted 11/14/2012

Technical information

To ensure autorun and distribution:

Modifies the following registry keys:

[<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Microsoft Updater' = '"<full path to the virus>"'

Malicious functions:

To bypass the firewall, removes or modifies the following registry keys:

[<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] 'EnableFirewall' = '00000000'