



Trojan:W32/Vilsel

Name: Trojan:W32/Vilsel
Detection Names: Trojan.Win32.Vilsel.fk, Gen:Trojan.Heur.Vilsel.1, Trojan.Generic.2647704
Aliases: TrojanDownloader:Win32/Agent.KY (Microsoft), Vilsel trojan (McAfee)
Category: Malware
Type: Trojan
Platform: W32

Summary

A trojan, or trojan horse, is a seemingly legitimate program which secretly performs other, usually malicious, functions. It is usually user-initiated and does not replicate.

Additional Details

Variants in the Trojan:W32/Vilsel family download a file onto the system. While active, the trojan also connects to and downloads files from the following website:

  • http://fc.webmasterpro.de/as_[...].php?name=run


Registry Changes
 
Trojan:W32/Vilsel disables the Windows firewall by modifying the registry entry:

  • HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
    EnableFirewall = 0

It also makes changes to the following registry keys:
  • HKU\S-1-5-21-299502267-823518204-839522115-1003\Software\Microsoft\windows\CurrentVersion\Internet Settings
    MigrateProxy = 1
  • HKU\S-1-5-21-299502267-823518204-839522115-1003\Software\Microsoft\windows\CurrentVersion\Internet Settings
    ProxyEnable = 0 
  • HKLM\SYSTEM\CURRENTCONTROLSET\HARDWARE PROFILES\CURRENT\Software\Microsoft\windows\CurrentVersion\Internet Settings
    ProxyEnable = 0
  • HKU\S-1-5-21-299502267-823518204-839522115-1003
    SavedLegacySettings =
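
The registry writes listed above can be hunted for in registry value-set telemetry. The following is an added example, not part of the original description: it assumes Sysmon Event ID 13 records already parsed into dicts with the `Image`, `TargetObject` and `Details` fields, and the sample events, paths and SID are constructed.

```python
import re
from collections import defaultdict

IE_KEY = (r"^HKU\\S-1-5-21-[\d-]+\\Software\\Microsoft\\Windows"
          r"\\CurrentVersion\\Internet Settings$")   # SID generalized
FW_KEY = (r"^HKLM\\SYSTEM\\(CurrentControlSet|ControlSet\d{3})\\Services"
          r"\\SharedAccess\\Parameters\\FirewallPolicy\\StandardProfile$")
# (key regex, value name, DWORD data, label) for value writes listed on this page.
RULES = [
    (FW_KEY, "EnableFirewall", 0, "firewall_disabled"),
    (IE_KEY, "MigrateProxy", 1, "proxy_migrate"),
    (IE_KEY, "ProxyEnable", 0, "proxy_disabled"),
]
DWORD = re.compile(r"^DWORD \(0x([0-9a-fA-F]{8})\)$")

def classify(event):
    """Return the rule label for one registry value-set event, or None."""
    m = DWORD.match(event["Details"])
    if not m:
        return None
    key, _, value = event["TargetObject"].rpartition("\\")
    for pattern, name, data, label in RULES:
        if (value.lower() == name.lower() and int(m.group(1), 16) == data
                and re.match(pattern, key, re.IGNORECASE)):
            return label
    return None

def suspicious_processes(events):
    """Group hits by writing process; keep only those that disabled the firewall.
    Proxy writes alone are common and benign, so they only add context."""
    hits = defaultdict(set)
    for ev in events:
        label = classify(ev)
        if label:
            hits[ev["Image"]].add(label)
    return {img: sorted(v) for img, v in hits.items() if "firewall_disabled" in v}

# Constructed sample events (hypothetical paths and SID, not from a real host).
SID = "S-1-5-21-1111111111-2222222222-3333333333-1001"
IE = "HKU\\" + SID + r"\Software\Microsoft\Windows\CurrentVersion\Internet Settings"
FW = r"HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile"
DROPPED = r"C:\Users\test\AppData\Local\Temp\sample.exe"
SAMPLE = [
    {"Image": DROPPED, "TargetObject": FW + r"\EnableFirewall", "Details": "DWORD (0x00000000)"},
    {"Image": DROPPED, "TargetObject": IE + r"\ProxyEnable", "Details": "DWORD (0x00000000)"},
    {"Image": DROPPED, "TargetObject": IE + r"\MigrateProxy", "Details": "DWORD (0x00000001)"},
    {"Image": r"C:\Windows\System32\svchost.exe", "TargetObject": FW + r"\EnableFirewall", "Details": "DWORD (0x00000001)"},
    {"Image": r"C:\Program Files\Internet Explorer\iexplore.exe", "TargetObject": IE + r"\ProxyEnable", "Details": "DWORD (0x00000000)"},
]
print(suspicious_processes(SAMPLE))
```

Only the process that set `EnableFirewall` to 0 is reported; the proxy values it also wrote are attached as supporting context rather than treated as alerts on their own.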