Categories: Trojan
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.
Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.
[Kaspersky]Trojan-Clicker.Win32.Small.kj,Packed.Win32.PolyCrypt.d;
[McAfee]AdClicker-EV;
[F-Prot]W32/Trojan.MHQ;
[Other]Win32/Doklin.T,Win32/Doklin!generic,WIn32/Doklin.AL,Win32/Doklin.AY,Trojan:Win32/Meredrop,Troj/DropRun-E,W32/PolyCrypt.A
Visible Symptoms:
Files in system folders:
[%WINDOWS%]\service32.exe
[%WINDOWS%]\svchost.dll
[%PROFILE_TEMP%]\1.html.$$$
[%WINDOWS%]\sys32exploer.dll
[%WINDOWS%]\sysnet32.exe
[%WINDOWS%]\systempro32.dll
[%WINDOWS%]\service32.exe
[%WINDOWS%]\svchost.dll
[%PROFILE_TEMP%]\1.html.$$$
[%WINDOWS%]\sys32exploer.dll
[%WINDOWS%]\sysnet32.exe
[%WINDOWS%]\systempro32.dll
How to detect Doklin:
Files:
[%WINDOWS%]\service32.exe
[%WINDOWS%]\svchost.dll
[%PROFILE_TEMP%]\1.html.$$$
[%WINDOWS%]\sys32exploer.dll
[%WINDOWS%]\sysnet32.exe
[%WINDOWS%]\systempro32.dll
[%WINDOWS%]\service32.exe
[%WINDOWS%]\svchost.dll
[%PROFILE_TEMP%]\1.html.$$$
[%WINDOWS%]\sys32exploer.dll
[%WINDOWS%]\sysnet32.exe
[%WINDOWS%]\systempro32.dll
Registry Keys:
HKEY_CLASSES_ROOT\c3.bho3
HKEY_CLASSES_ROOT\c3.bho3.1
HKEY_CLASSES_ROOT\CLSID\{58FB2CBB-C874-45FC-A1C9-B62CC9E3BED9}
HKEY_CLASSES_ROOT\interface\{35b576b9-5a0f-43d7-8174-2ac714dc3ad2}
HKEY_CLASSES_ROOT\typelib\{bbd0d9e0-ee99-4c66-ac1e-2e77d40fe7c9}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{58FB2CBB-C874-45FC-A1C9-B62CC9E3BED9}
HKEY_CLASSES_ROOT\clsid\{58fb2cbb-c874-45fc-a1c9-b62cc9e3bed9}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{58fb2cbb-c874-45fc-a1c9-b62cc9e3bed9}
Registry Values:
HKEY_LOCAL_MACHINE\software\4f27v1d89m
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run
HKEY_LOCAL_MACHINE\software\4f27v1d89m
HKEY_LOCAL_MACHINE\software\4f27v1d89m
HKEY_LOCAL_MACHINE\software\4f27v1d89m
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run
Removing Doklin:
You can download trial version of "Exterminate-It" antivirus software here, to check your computer instantly.
Or buy it to remove ALL viruses from your computer.Also Be Aware of the Following Threats:
TrojanSpy.Win32.VB.am Trojan Symptoms
Removing Fade Backdoor
No comments:
Post a Comment