F-Secure
Tools
Trojan:W32/Sacom.A
Summary
A trojan, or trojan horse, is a seemingly legitimate program which secretly performs other, usually malicious, functions. It is usually user-initiated and does not replicate.
Details
File System Changes
Creates these files:
- %windir%\system32\comsa32.sys
- %windir%\Documents and Settings\[Username]\Local Settings\Temp\mta[Random Number].dll
Additional Details
This trojan attempts to contact the following domains:
The trojan is most probably attempting to download additional malware, or act as a silent advertisement clicker.
Registry
The trojan adds the following values to the registry.
These registry valued are encoded characters.
- jsactivity.com
- bfkq.com
- http://cnwebmastersblog.com/xabc/2.0/
- http://74.54.89.66/p0821/2.0/
- http://74.54.201.210/p0821/2.0/
- http://174.133.147.18/p0821/2.0/
- 74.54.201.210
- 74.55.37.210
- 74.54.89.66
- 174.133.126.2
The trojan is most probably attempting to download additional malware, or act as a silent advertisement clicker.
Registry
The trojan adds the following values to the registry.
- HKLM
- HKLM\SOFTWARE\Microsoft\WBEM
These registry valued are encoded characters.