Trojan.Infticker
Friday, 30 December 2005
Trojan.Infticker is a Trojan horse that displays a ticker at the top of the screen stating the compromised computer is infected.

Type: Trojan Horse

Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows XP

Damage

Payload Trigger: n/a
Payload: Attempts to trick users into believing they are infected with risks.
Large scale e-mailing: n/a
Deletes files: n/a
Modifies files: n/a
Degrades performance: n/a
Causes system instability: n/a
Releases confidential info: n/a
Compromises security settings: n/a

Distribution

Subject of email: n/a
Name of attachment: n/a
Size of attachment: n/a
Time stamp of attachment: n/a
Ports: n/a
Shared drives: n/a
Target of infection: n/a


When Trojan.Infticker is executed, it performs the following actions:


Creates the mutex named "GlobalIconPanelMutex_0103" so that only one copy of the Trojan is running.


Adds the value:

"[FILE NAME]" = "%CurrentFolder%[FILE NAME]"

to the registry subkey:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

so that the Trojan runs every time Windows starts.


Adds the value:

"Icon Panel" = "{43B3C583-43B3-C7D7-0000-000B43B3EFB9}"

to the registry subkey:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\explorer

which acts as an infection marker.


Briefly displays the following ticker bar across the top of the screen every 60 seconds, or whenever the mouse moves to the top of the screen:

Warning! Your computer is infected! Press here for help!

Note: The ticker disappears if the user moves the mouse away from the top of the screen.


If the bar is clicked, opens Internet Explorer and goes to the following Web site, which appears to be a site that claims to host antispyware programs:

[http://]pcadprotector.cc/[REMOVED]


Displays the following message, if a user attempts to close the ticker:

Having closed this panel, you do not solve the problem!
Press Help button to learn how to protect your computer.

To delete the value from the registry:

Navigate to the subkey:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run


In the right pane, delete the value:

"[FILE NAME]" = "%CurrentFolder%[FILE NAME]"


Navigate to the subkey:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\explorer


In the right pane, delete the value:

"Icon Panel" = "{43B3C583-43B3-C7D7-0000-000B43B3EFB9}"


Exit the Registry Editor.
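
An added example, not part of the original write-up: a Python check that scans the text of a `reg export` for the two registry indicators described above. The Run-key test (value name equal to the file name in its data) is a heuristic inferred from the "[FILE NAME]" pattern; the sample export, `ticker.exe` and `C:\Temp` are constructed placeholders.

```python
import ntpath
import re

# Indicators from the write-up above (keys compared case-insensitively).
RUN_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
MARKER_KEY = r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\explorer"
MARKER_NAME = "Icon Panel"
MARKER_DATA = "{43B3C583-43B3-C7D7-0000-000B43B3EFB9}"

# One "name"="string" line of a .reg file; \\ and \" are escapes inside quotes.
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')

# Constructed sample export: one benign Run entry, one suspicious one, the marker.
SAMPLE = r'''Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SecurityHealth"="C:\\Windows\\system32\\SecurityHealthSystray.exe"
"ticker.exe"="C:\\Temp\\ticker.exe"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer]
"Icon Panel"="{43B3C583-43B3-C7D7-0000-000B43B3EFB9}"
'''

def unescape(s):
    """Undo .reg escaping: a backslash protects the next character."""
    return re.sub(r"\\(.)", r"\1", s)

def parse_reg(text):
    """Yield (key, name, data) for every string value in reg-export text."""
    key = None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
        elif key and (m := VALUE_RE.match(line)):
            yield key, unescape(m.group(1)), unescape(m.group(2))

def find_infticker(text):
    """Return findings as (kind, key, value name, value data) tuples."""
    findings = []
    for key, name, data in parse_reg(text):
        k = key.lower()
        if k == MARKER_KEY.lower() and name == MARKER_NAME and data.upper() == MARKER_DATA:
            findings.append(("infection-marker", key, name, data))
        elif k == RUN_KEY.lower():
            # Heuristic: the Trojan names its Run value after its own file.
            exe = ntpath.basename(data.strip('"'))
            if exe and exe.lower() == name.lower():
                findings.append(("run-name-equals-file", key, name, data))
    return findings
```

Real `reg export` output is UTF-16, so decode the file before passing its text in; a Run-key hit alone is only a lead, while the marker value matches the exact GUID from the write-up.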