
Win32.Wintrim

Win32.Wintrim is a family of trojans that download other files. They are considered trojans mainly because of their ability to terminate certain firewall software.

The Wintrim trojans install themselves by creating a subdirectory in the Windows directory and copying themselves into that location using two file names. Files downloaded by the trojan are also saved to this directory. They add a registry value to run one of the copies of the trojan each time Windows starts.

  • Win32.Wintrim.A
    • %windows%\wintrim\wintrim.exe
    • %windows%\wintrim\uninstall.exe
    • HKCU\Software\Microsoft\Windows\CurrentVersion\Run\MC = "%windows%\wintrim\wintrim.exe"
  • Win32.Wintrim.E
    • %windows%\simcss\simcss.exe
    • %windows%\simcss\uninstall.exe
    • HKCU\Software\Microsoft\Windows\CurrentVersion\Run\cpntmgc = "%windows%\simcss\simcss.exe"
    • or HKLM\Software\Microsoft\Windows\CurrentVersion\Run\cpntmgc = "%windows%\simcss\simcss.exe"

When the program is activated, it tries to terminate various firewall products.
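The Run values listed above can be checked for in saved `reg query` output. The following is an added example, not part of the original description: the function names and the sample text are constructed, `%windows%` is assumed to be `C:\WINDOWS`, and the second check (a Run value pointing at `%windows%\<x>\<x>.exe`) is a heuristic generalised from the two listed variants rather than something the description states.

```python
import re
from ntpath import normcase

# Run-value indicators from the variant list above: value name -> trojan path
KNOWN = {
    "mc": r"%windows%\wintrim\wintrim.exe",
    "cpntmgc": r"%windows%\simcss\simcss.exe",
}
RUN_SUFFIX = r"\software\microsoft\windows\currentversion\run"
VALUE_LINE = re.compile(r"^\s+(?P<name>.+?)\s{4}(?P<type>REG_\w+)\s{4}(?P<data>.*)$")
# Assumed heuristic, generalised from the two variants: %windows%\<x>\<x>.exe
SAME_NAME = re.compile(r"^%windows%\\([^\\]+)\\\1\.exe$")

# Constructed sample of `reg query` output (not taken from a real machine)
SAMPLE = r"""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    MC    REG_SZ    C:\WINDOWS\wintrim\wintrim.exe
    ctfmon.exe    REG_SZ    C:\WINDOWS\system32\ctfmon.exe

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    cpntmgc    REG_SZ    "C:\WINDOWS\simcss\simcss.exe"
    abcd    REG_SZ    C:\WINDOWS\qzx\qzx.exe
"""


def normalise(path, windir=r"C:\WINDOWS"):
    """Lower-case, drop quotes, and replace the Windows directory with %windows%."""
    p = normcase(path.strip().strip('"'))
    w = normcase(windir)
    return "%windows%" + p[len(w):] if p.startswith(w + "\\") else p


def scan_reg_query(text, windir=r"C:\WINDOWS"):
    """Return (key, value name, data, verdict) for each suspicious Run value."""
    hits, key = [], None
    for line in text.splitlines():
        if line.upper().startswith("HKEY_"):
            key = line.strip()
            continue
        m = VALUE_LINE.match(line)
        if not m or key is None or not key.lower().endswith(RUN_SUFFIX):
            continue
        data = normalise(m["data"], windir)
        if KNOWN.get(m["name"].lower()) == data:
            hits.append((key, m["name"], m["data"], "known Wintrim indicator"))
        elif SAME_NAME.match(data):
            hits.append((key, m["name"], m["data"], "matches install pattern"))
    return hits
```

Calling `scan_reg_query(SAMPLE)` reports the `MC` and `cpntmgc` values as known indicators and the constructed `abcd` value as a pattern match. Pattern matches are leads to review, since legitimate software can use the same directory layout.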

 

