F-Secure
Tools
Trojan:W32/Dursg.D
| Name : | Trojan:W32/Dursg.D |
| Category: | Malware |
| Type: | Trojan |
| Platform: | W32 |
Summary
A trojan, or trojan horse, is a seemingly legitimate program which secretly performs other, usually malicious, functions. It is usually user-initiated and does not replicate.
Disinfection
Allow F-Secure Anti-Virus to disinfect the relevant files.
For more general information on disinfection, please see Removal Instructions.
Additional Details
Trojan:W32/Dursg.D downloads additional files (possibly malware) from remote sites without the knowledge or authorization of the user.
Execution
Upon executing, Trojan:W32/Dursg.D creates this directory:
It also creates these files under the new directory:
Activity
Once installed, Dursg.D attempts to connect and download from the following websites:
Trojan:W32:Dursg.D deletes itself after execution.
Registry Changes
The following registry keys are created to set a launchpoint:
Execution
Upon executing, Trojan:W32/Dursg.D creates this directory:
• %appdata%\SystemProc
It also creates these files under the new directory:
• %appdata%\SystemProc\lsass.exe - a copy of itself
• %appdata%\SystemProc\upd.exe
Activity
Once installed, Dursg.D attempts to connect and download from the following websites:
• http://controllqz.com/[removed]?aid=hidden
• http://simfreebox.com/[removed]?sd=2010-05-15&aid=hidden
Trojan:W32:Dursg.D deletes itself after execution.
Registry Changes
The following registry keys are created to set a launchpoint:
• HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run
RTHDBPL = C:\Documents and Settings\user\Application Data\SystemProc\lsass.exe
RTHDBPL = C:\Documents and Settings\user\Application Data\SystemProc\lsass.exe