F-Secure
Tools
Trojan:W32/Vilsel
| Name : | Trojan:W32/Vilsel |
| Detection Names : |
Trojan.Win32.Vilsel.fk Gen:Trojan.Heur.Vilsel.1, Trojan.Generic.2647704 |
| Aliases : |
TrojanDownloader:Win32/Agent.KY (Microsoft) Vilsel trojan (McAfee) |
| Category: | Malware |
| Type: | Trojan |
| Platform: | W32 |
Summary
A trojan, or trojan horse, is a seemingly legitimate program which secretly performs other, usually malicious, functions. It is usually user-initiated and does not replicate.
Additional Details
Variants in the Trojan:W32/Vilsel family download a file onto the system. While active, the trojan also connect to and downloads files from the following website:
Registry Changes
Trojan:W32/Vilsel disables the Windows firewall by modifying the registry entry:
It also makes changes to the following registry keys:
• http://fc.webmasterpro.de/as_[...].php?name=run
Registry Changes
Trojan:W32/Vilsel disables the Windows firewall by modifying the registry entry:
• HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
EnableFirewall = 0
EnableFirewall = 0
It also makes changes to the following registry keys:
• HKU\S-1-5-21-299502267-823518204-839522115-1003\Software\Microsoft\windows\CurrentVersion\Internet Settings
MigrateProxy = 1
MigrateProxy = 1
• HKU\S-1-5-21-299502267-823518204-839522115-1003\Software\Microsoft\windows\CurrentVersion\Internet Settings
ProxyEnable = 0
ProxyEnable = 0
• HKLM\SYSTEM\CURRENTCONTROLSET\HARDWARE PROFILES\CURRENT\Software\Microsoft\windows\CurrentVersion\Internet Settings
ProxyEnable = 0
ProxyEnable = 0
• HKU\S-1-5-21-299502267-823518204-839522115-1003
SavedLegacySettings =
SavedLegacySettings =