TR/BHO.Zwangi.728.trojan
TR/BHO.Zwangi.728.trojan is a malicious trojan that can compromise a computer system's integrity by making changes to the system that allow it to be used for malicious purposes unknown to the computer user. Usually, TR/BHO.Zwangi.728.trojan exploits vulnerabilities in installed software to gain remote, unauthorized access to your computer in order to monitor the PC without the victim's knowledge. TR/BHO.Zwangi.728.trojan uses malicious tricks to download harmful malware from the web. TR/BHO.Zwangi.728.trojan opens up firewalls and gathers private information, such as personal financial information.
File System Modifications
- The following files were created in the system:
| # | File Name |
|---|-----------|
| 1 | %Documents and Settings%\[UserName]\Application Data\av.exe |
| 2 | %Temp%\mswinsck.exe |
| 3 | C:\Documents and Settings\All Users\ |
| 4 | C:\Documents and Settings\All Users\Application Data\ |
Registry Modifications
- The following Registry values were newly created:
  - HKEY..\..\..\..{Subkeys}
    - HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download 'RunInvalidSignatures' ='1'
    - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion Explorer\ShellFolders Startup="C:\windows\start menu\programs\startup C:\Windows\win.ini
    - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
    - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce 'SelfdelNT'
  - HKEY..\..\..\..{RegistryKeys}
    - HKEY_CLASSES_ROOT\Folder\shellex\ContextMenuHandlers\SimpleShlExt
    - HKEY_CLASSES_ROOT\secfile
  - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\..{RunKeys}
    - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run '[random string]'
    - HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce