Wednesday, January 21, 2009

kSite Trojan

Removing kSite
Categories: Trojan, BHO, Hijacker, Downloader

This category includes a variety of Trojans that damage victim machines,
threaten data integrity, or impair the functioning of the victim machine.

As this information is entered by the user, it is captured by the BHO (Browser Helper Object) and
sent back to the attacker.
Typically, keyloggers of this type will send the stolen information back to the attacker via email
or HTTP POST, which can appear suspicious.

Hijackers are software programs that modify users' default browser home page,
search settings, error page settings, or desktop wallpaper without adequate notice, disclosure,
or user consent.

The downloader either launches the new malware or registers it to enable autorun
according to the local operating system requirements.

kSite Also known as:

[Kaspersky]TrojanDownloader.Win32.Small.aa;
[Eset]Win32/TrojanDownloader.Small.AA trojan

Visible Symptoms:
Files in system folders:
[%PROFILE_TEMP%]\ICD2.tmp\installer.inf
[%WINDOWS%]\TEMP\ICD1.tmp\installer.inf
[%WINDOWS%]\TEMP\ICD2.tmp\installer.inf

How to detect kSite:

Files:
[%PROFILE_TEMP%]\ICD2.tmp\installer.inf
[%WINDOWS%]\TEMP\ICD1.tmp\installer.inf
[%WINDOWS%]\TEMP\ICD2.tmp\installer.inf

Registry Keys:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{A1DC3241-B122-195F-B21A-000000000000}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\internet settings\5.0\cache\extensible cache\mshist012003041020030411
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\fucksite

Registry Values:
HKEY_CURRENT_USER\software\microsoft\internet explorer\search

Removing kSite:

You can download a trial version of the "Exterminate-It" antivirus software to check your computer instantly.

Or buy it to remove all viruses from your computer.
