Virus: Trojan.Winlock.7372
Added to the virus database Dr.Web: 2012-11-14
Inserted 11/14/2012
Technical information
To ensure autorun and distribution:
Modifies the following registry keys:
[<HKLM> \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Run] ‘Microsoft Updater’ = ‘”<full path to the virus>”‘
Malicious functions:
To bypass the firewall removes or modifies the following registry keys:
[<HKLM> \ SYSTEM \ ControlSet001 \ Services \ SharedAccess \ Parameters \ FirewallPolicy \ StandardProfile] ‘EnableFirewall’ = ‘00000000 ‘ (more…)