1. Skip to navigation
  2. Skip to content
  3. Skip to secondary-content

Where You Are

  1. Labs
  2. Threats
  3. Virus and threat descriptions
  4. Trojan:W32/Vilsel

Trojan:W32/Vilsel

Name : Trojan:W32/Vilsel
Detection Names : Trojan.Win32.Vilsel.fk
Gen:Trojan.Heur.Vilsel.1, Trojan.Generic.2647704
Aliases : TrojanDownloader:Win32/Agent.KY (Microsoft)
Vilsel trojan (McAfee)
Category:Malware
Type:Trojan
Platform:W32

Summary

A trojan, or trojan horse, is a seemingly legitimate program which secretly performs other, usually malicious, functions. It is usually user-initiated and does not replicate.

Additional Details

Variants in the Trojan:W32/Vilsel family download a file onto the system. While active, the trojan also connect to and downloads files from the following website:

  •  http://fc.webmasterpro.de/as_[...].php?name=run


Registry Changes
 
Trojan:W32/Vilsel disables the Windows firewall by modifying the registry entry:

  •  HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
        EnableFirewall = 0

It also makes changes to the following registry keys:
  •  HKU\S-1-5-21-299502267-823518204-839522115-1003\Software\Microsoft\windows\CurrentVersion\Internet Settings
        MigrateProxy = 1
  • HKU\S-1-5-21-299502267-823518204-839522115-1003\Software\Microsoft\windows\CurrentVersion\Internet Settings
        ProxyEnable = 0 
  • HKLM\SYSTEM\CURRENTCONTROLSET\HARDWARE PROFILES\CURRENT\Software\Microsoft\windows\CurrentVersion\Internet Settings
        ProxyEnable = 0
  • HKU\S-1-5-21-299502267-823518204-839522115-1003
        SavedLegacySettings =