Wednesday, January 28, 2009

TrojMax Backdoor

Removing TrojMax
Categories: Backdoor, RAT
Backdoors combine the functionality of most other types of trojans in one package.
Backdoors have one especially dangerous sub-class: variants that can propagate like worms.

Some RAT trojans are pranks, most likely controlled by a friend or enemy on April Fool's Day or a holiday. Prank RATs are generally not harmful, and won't log keystrokes or hack.


TrojMax is also known as:

[Kaspersky] Backdoor.Tromax, Backdoor.Tromax.10;
[Panda] Bck/Tromas, Bck/Tromax;
[Computer Associates] Backdoor/Tromax

Visible Symptoms:
Files in system folders:
[%WINDOWS%]\downlo~1\cnsmincg.ini
[%WINDOWS%]\downlo~1\cnsup.ini

How to detect TrojMax:

Files:
[%WINDOWS%]\downlo~1\cnsmincg.ini
[%WINDOWS%]\downlo~1\cnsup.ini

Folders:
[%WINDOWS%]\downloaded program files\3721

Registry Keys:

Registry Values:
HKEY_CURRENT_USER\software\microsoft\internet explorer\extensions\cmdmapping

Removing TrojMax:

You can download a trial version of the "Exterminate-It" antivirus software here to check your computer instantly.

Or buy it to remove ALL viruses from your computer.
