Thirtyseven4 Antivirus | AntiMalware | AntiRootkit | AntiSpyware

TROJAN.JORIK.DREFIR.BF

Name: Trojan.Jorik.Drefir.bf
Added: August 29, 2011
Type: Trojan
Risk: Low
Payload: N/A
At-risk systems: Windows 95/98/ME/XP/NT/2003

Description:

When Trojan.Jorik.Drefir.bf is executed, it drops the following files:

%Appdata%\cmd.exe
%Appdata%\cmd.exec
%Appdata%\{Random Number}.exe

It creates/modifies the following registry entries:

Key: HKLM\SOFTWARE\Microsoft\Security Center
Value: UACDisableNotify = 0x00000000

Key: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
Value: EnableLUA = 0x00000000

Key: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Value: {cmd.exe} = "%Appdata%\cmd.exe"

Key: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Value: SystemReq = "%Appdata%\{Random Number}.exe"

Key: HKU\Software\Microsoft\Windows\CurrentVersion\Run
Value: {cmd.exe} = "%Appdata%\cmd.exe"

cmd.exe runs every time Windows starts.

Key: HKU\Software\Microsoft\Windows\CurrentVersion\Run
Value: SystemReq = "%Appdata%\{Random Number}.exe"