Tuesday, December 9, 2008

SkinTrim Trojan

Removing SkinTrim
Categories: Trojan
This loose category includes a variety of Trojans that damage victim machines or
threaten data integrity, or impair the functioning of the victim machine.

Multi-purpose Trojans are also included in this group, as some virus writers
create multi-functional Trojans rather than Trojan packs.
SkinTrim Also known as:

[Other]Win32/Skintrim.H
Visible Symptoms:
Files in system folders:
[%DESKTOP%]\WebMediaPlayer.lnk
[%WINDOWS%]\Temp\Install_WMP.exe
[%DESKTOP%]\WebMediaPlayer.lnk
[%DESKTOP%]\WebMediaPlayer.lnk
[%WINDOWS%]\Temp\Install_WMP.exe
[%DESKTOP%]\WebMediaPlayer.lnk

How to detect SkinTrim:

Files:
[%DESKTOP%]\WebMediaPlayer.lnk
[%WINDOWS%]\Temp\Install_WMP.exe
[%DESKTOP%]\WebMediaPlayer.lnk
[%DESKTOP%]\WebMediaPlayer.lnk
[%WINDOWS%]\Temp\Install_WMP.exe
[%DESKTOP%]\WebMediaPlayer.lnk

Folders:
[%PROGRAMS%]\WebMediaPlayer
[%PROGRAM_FILES%]\mailskinner
[%PROGRAM_FILES%]\WebMediaPlayer
[%WINDOWS%]\msskinner

Registry Keys:
HKEY_CLASSES_ROOT\clsid\{180b4ee9-1795-4429-9651-f17a6515726d}
HKEY_CLASSES_ROOT\interface\{0a089e22-5736-4092-b3f8-3f0d5f345482}
HKEY_CLASSES_ROOT\typelib\{5bad7fae-81f0-4439-8c1a-3e8907998047}
HKEY_CURRENT_USER\software\epk_extr
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app paths\webmediaplayer.exe
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\mailskinner
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\webmediaplayer
HKEY_LOCAL_MACHINE\software\webmediaplayer

Registry Values:
HKEY_CURRENT_USER\software\exts\{8e09cb72-3143-4414-a1c2-63e9c0438472}
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run

Removing SkinTrim:

You can download trial version of "Exterminate-It" antivirus software here, to check your computer instantly.

Or buy it to remove ALL viruses from your computer.

Also Be Aware of the Following Threats:
SillyDl.CMI Trojan Removal

Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)