Trojan Muvipaz downloads advertising

Trojan Muvipaz is characterized mainly by downloading advertising that it displays through pop-ups. It can also download other malicious code from remote pages created for malicious purposes.
Trojan Muvipaz starts operating the first time it is run. It creates one of the following files at random:

%ProgramFiles%\Notify\notify.exe
%System%\Agent.dll
%UserProfile%\Desktop\Terms.lnk
%UserProfile%\Desktop\.url

So that the malware runs automatically every time Windows starts, it creates an entry under the following registry key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

The following value is added to this key:

"Notification Utility" = "%ProgramFiles%\Notify\notify.exe /silent"

It can also create keys in the registry. Among them are:

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\AMNotifier.EXE
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\MPAgent.DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{7911272A-A32A-404E-8A51-EE18B99B18C4}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{CCEBBEB5-D011-41B5-9F92-01F88A38DC0D}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7BF58804-E672-4B96-8EEC-BFCCE6492C9A}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B3E19860-0CD5-4991-A066-4FCA2704DE59}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{9A395C6C-E42E-4777-B8EF-FDDEB705F3FB}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{CF1E4638-637F-499D-8309-FD71B9750ABC}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{AFDBB222-DEA9-4C12-B3A3-A13C2985E3EE}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AMNotifier.HUBAWindow
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\MPAgent.Agent
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\notify
HKEY_LOCAL_MACHINE\SOFTWARE\notify
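
The files, Run value and registry keys listed above can be checked on a live host. The following PowerShell script is an added example, not part of the original write-up. It only reads, and it assumes that on 64-bit Windows a 32-bit sample may have been redirected to "Program Files (x86)", SysWOW64 and the 32-bit registry view, so it checks both.

```powershell
# Added example (not from the original write-up): read-only check for the artifacts listed above.
# Assumption: a 32-bit sample on 64-bit Windows is redirected, so both file
# locations and both registry views are checked.
$findings = @()

# Files. The .url shortcut is skipped because its name is not given above.
$files  = @(@($env:ProgramFiles, ${env:ProgramFiles(x86)}) | Where-Object { $_ } |
            ForEach-Object { Join-Path $_ 'Notify\notify.exe' })
$files += 'System32', 'SysWOW64' | ForEach-Object { Join-Path $env:SystemRoot "$_\Agent.dll" }
$files += Join-Path $env:USERPROFILE 'Desktop\Terms.lnk'
foreach ($f in $files) {
    if (Test-Path -LiteralPath $f -PathType Leaf) { $findings += "File: $f" }
}

# Registry keys from the list above, relative to HKEY_LOCAL_MACHINE.
$keys = @(
    'SOFTWARE\Classes\AppID\AMNotifier.EXE'
    'SOFTWARE\Classes\AppID\MPAgent.DLL'
    'SOFTWARE\Classes\AppID\{7911272A-A32A-404E-8A51-EE18B99B18C4}'
    'SOFTWARE\Classes\AppID\{CCEBBEB5-D011-41B5-9F92-01F88A38DC0D}'
    'SOFTWARE\Classes\CLSID\{7BF58804-E672-4B96-8EEC-BFCCE6492C9A}'
    'SOFTWARE\Classes\CLSID\{B3E19860-0CD5-4991-A066-4FCA2704DE59}'
    'SOFTWARE\Classes\Interface\{9A395C6C-E42E-4777-B8EF-FDDEB705F3FB}'
    'SOFTWARE\Classes\Interface\{CF1E4638-637F-499D-8309-FD71B9750ABC}'
    'SOFTWARE\Classes\TypeLib\{AFDBB222-DEA9-4C12-B3A3-A13C2985E3EE}'
    'SOFTWARE\Classes\AMNotifier.HUBAWindow'
    'SOFTWARE\Classes\MPAgent.Agent'
    'SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\notify'
    'SOFTWARE\notify'
)
foreach ($view in 'Registry64', 'Registry32') {
    $hklm = [Microsoft.Win32.RegistryKey]::OpenBaseKey(
        [Microsoft.Win32.RegistryHive]::LocalMachine, [Microsoft.Win32.RegistryView]$view)
    $run = $hklm.OpenSubKey('SOFTWARE\Microsoft\Windows\CurrentVersion\Run')
    if ($run) {
        $val = $run.GetValue('Notification Utility')   # autostart value named above
        if ($null -ne $val) { $findings += "[$view] Run value 'Notification Utility' = $val" }
        $run.Close()
    }
    foreach ($k in $keys) {
        $sub = $hklm.OpenSubKey($k)
        if ($sub) { $findings += "[$view] Key: HKLM\$k"; $sub.Close() }
    }
    $hklm.Close()
}

# Each hit is a lead to triage alongside the others, not proof of infection on its own.
if ($findings) { $findings | Sort-Object -Unique } else { 'None of the listed artifacts were found.' }
```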