
TR/BHO.Zwangi.728.trojan

Posted: May 10, 2011

TR/BHO.Zwangi.728.trojan is a malicious trojan that can compromise a computer system's integrity by making changes to the system that allow it to be used for malicious purposes without the user's knowledge. Usually, TR/BHO.Zwangi.728.trojan exploits vulnerabilities in installed software to gain remote, unauthorized access to the computer and monitor it without the victim's knowledge. TR/BHO.Zwangi.728.trojan uses malicious tricks to download harmful malware from the web. It also opens up firewalls and gathers private information, such as personal financial information.

File System Modifications

  • The following files were created in the system:
    # File Name
    1 %Documents and Settings%\[UserName]\Application Data\av.exe
    2 %Temp%\mswinsck.exe
    3 C:\Documents and Settings\All Users\
    4 C:\Documents and Settings\All Users\Application Data\

Registry Modifications

  • The following Registry values were newly created:
    HKEY..\..\..\..{Subkeys}
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download 'RunInvalidSignatures' ='1'
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion Explorer\ShellFolders Startup="C:\windows\start menu\programs\startup C:\Windows\win.ini
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce 'SelfdelNT'
    HKEY..\..\..\..{RegistryKeys}
    HKEY_CLASSES_ROOT\Folder\shellex\ContextMenuHandlers\SimpleShlExt
    HKEY_CLASSES_ROOT\secfile
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\..{RunKeys}
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run '[random string]'
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce