Packed.Generic.232

Posted: November 3, 2009

Packed.Generic.232 is a malicious backdoor trojan that runs in the background and shows the same threat characteristics as a ZBot banking trojan, which disables the firewall and attempts to steal sensitive financial data (credit card numbers, online banking login details). Packed.Generic.232 creates startup registry entries that load when Windows boots. Packed.Generic.232 is a malicious trojan horse that may represent a severe security risk for the compromised system and/or its network environment and should be removed immediately.

Aliases

PWS:Win32/Zbot.gen!R (Microsoft)

File System Modifications

  • The following files were created in the system:
    # File Name
    1 %System%\lowsec\local.ds
    2 %System%\sdra64.exe

Registry Modifications

  • The following Registry values were newly created:
    HKEY..\..\..\..{Subkeys}
    HKEY_USERS\.DEFAULT\Software\Microsoft\Protected Storage System Provider
    HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\{43BF8CD1-C5D5-2230-7BB2-98F22C2B7DC6}