Categories: Malware,BHO
Malware includes a range of programs that do not threaten computers directly,
but are used to create viruses or Trojans, or used to carry out illegal activities
such as DoS attacks and breaking into other computers. BHO (Browser Helper Object) Trojan.
The BHO waits for the user to post personal information to a monitored website.
As this information is entered by the user, it is captured by the BHO and sent back to the attacker.
The method of network transport used by the attacker makes this Trojan unique.
Typically, keyloggers of this type will send the stolen information back to the attacker via email
or HTTP POST, which can appear suspicious.
Instead, this Trojan encodes the data with a simple XOR algorithm before placing it into
the data section of an ICMP ping packet." explained the company.
Visible Symptoms:
Files in system folders:
[%WINDOWS%]\abiuninst.htm
[%WINDOWS%]\bi.dll
[%WINDOWS%]\Biprep.exe
[%WINDOWS%]\Buddy.exe
[%WINDOWS%]\ceres.dll
[%WINDOWS%]\Downloaded Program Files\thin.inf
[%WINDOWS%]\DrUninst.exe
[%WINDOWS%]\farmmext.ini
[%WINDOWS%]\inf\biK.inf
[%WINDOWS%]\inf\ceres.inf
[%WINDOWS%]\inf\farmmext.inf
[%WINDOWS%]\inf\morphstb.inf
[%WINDOWS%]\inf\payload.inf
[%WINDOWS%]\inf\payload2.inf
[%WINDOWS%]\inf\Pynix.inf
[%WINDOWS%]\inf\Pynix.PNF
[%WINDOWS%]\inf\sprnopol.inf
[%WINDOWS%]\inf\zserv.inf
[%WINDOWS%]\morphstb.ini
[%WINDOWS%]\mxTarget.dll
[%WINDOWS%]\satmat.exe
[%WINDOWS%]\speeryox.dll
[%WINDOWS%]\voiceip.dll
[%WINDOWS%]\abiuninst.htm
[%WINDOWS%]\bi.dll
[%WINDOWS%]\Biprep.exe
[%WINDOWS%]\Buddy.exe
[%WINDOWS%]\ceres.dll
[%WINDOWS%]\Downloaded Program Files\thin.inf
[%WINDOWS%]\DrUninst.exe
[%WINDOWS%]\farmmext.ini
[%WINDOWS%]\inf\biK.inf
[%WINDOWS%]\inf\ceres.inf
[%WINDOWS%]\inf\farmmext.inf
[%WINDOWS%]\inf\morphstb.inf
[%WINDOWS%]\inf\payload.inf
[%WINDOWS%]\inf\payload2.inf
[%WINDOWS%]\inf\Pynix.inf
[%WINDOWS%]\inf\Pynix.PNF
[%WINDOWS%]\inf\sprnopol.inf
[%WINDOWS%]\inf\zserv.inf
[%WINDOWS%]\morphstb.ini
[%WINDOWS%]\mxTarget.dll
[%WINDOWS%]\satmat.exe
[%WINDOWS%]\speeryox.dll
[%WINDOWS%]\voiceip.dll
How to detect Transponder:
Files:
[%WINDOWS%]\abiuninst.htm
[%WINDOWS%]\bi.dll
[%WINDOWS%]\Biprep.exe
[%WINDOWS%]\Buddy.exe
[%WINDOWS%]\ceres.dll
[%WINDOWS%]\Downloaded Program Files\thin.inf
[%WINDOWS%]\DrUninst.exe
[%WINDOWS%]\farmmext.ini
[%WINDOWS%]\inf\biK.inf
[%WINDOWS%]\inf\ceres.inf
[%WINDOWS%]\inf\farmmext.inf
[%WINDOWS%]\inf\morphstb.inf
[%WINDOWS%]\inf\payload.inf
[%WINDOWS%]\inf\payload2.inf
[%WINDOWS%]\inf\Pynix.inf
[%WINDOWS%]\inf\Pynix.PNF
[%WINDOWS%]\inf\sprnopol.inf
[%WINDOWS%]\inf\zserv.inf
[%WINDOWS%]\morphstb.ini
[%WINDOWS%]\mxTarget.dll
[%WINDOWS%]\satmat.exe
[%WINDOWS%]\speeryox.dll
[%WINDOWS%]\voiceip.dll
[%WINDOWS%]\abiuninst.htm
[%WINDOWS%]\bi.dll
[%WINDOWS%]\Biprep.exe
[%WINDOWS%]\Buddy.exe
[%WINDOWS%]\ceres.dll
[%WINDOWS%]\Downloaded Program Files\thin.inf
[%WINDOWS%]\DrUninst.exe
[%WINDOWS%]\farmmext.ini
[%WINDOWS%]\inf\biK.inf
[%WINDOWS%]\inf\ceres.inf
[%WINDOWS%]\inf\farmmext.inf
[%WINDOWS%]\inf\morphstb.inf
[%WINDOWS%]\inf\payload.inf
[%WINDOWS%]\inf\payload2.inf
[%WINDOWS%]\inf\Pynix.inf
[%WINDOWS%]\inf\Pynix.PNF
[%WINDOWS%]\inf\sprnopol.inf
[%WINDOWS%]\inf\zserv.inf
[%WINDOWS%]\morphstb.ini
[%WINDOWS%]\mxTarget.dll
[%WINDOWS%]\satmat.exe
[%WINDOWS%]\speeryox.dll
[%WINDOWS%]\voiceip.dll
Registry Keys:
HKEY_CLASSES_ROOT\clsid\{000006b1-19b5-414a-849f-2a3c64ae6939}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{000006B1-19B5-414A-849F-2A3C64AE6939}
Registry Values:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Removing Transponder:
You can download trial version of "Exterminate-It" antivirus software here, to check your computer instantly.
Or buy it to remove ALL viruses from your computer.Also Be Aware of the Following Threats:
Remove Choprox Backdoor
Remove Fenster Trojan
Other Downloader Removal instruction
Remove BackDoor.BAC.gen Backdoor
ForBot Trojan Cleaner
No comments:
Post a Comment