Trojan.Milicenso
Trojan.Milicenso Description
Trojan.Milicenso is a Trojan downloader that uses advanced techniques to pass itself off as a low-level PC threat while it is used for other attacks against the infected PC. Because Trojan.Milicenso’s payload is configurable, the risks that result from an infection vary, but its trademark side effect is a series of seemingly infinite printouts (caused by the fake printer spool, or .spl, file that Trojan.Milicenso includes in its infection routine). Trojan.Milicenso infections have been observed since 2010, but SpywareRemove.com malware researchers have noted a significant increase in Trojan.Milicenso attacks as of the time of this writing, and residents of India and the United States should be considered particularly at risk of infection by Trojan.Milicenso via fake video codec files.
How Trojan.Milicenso Uses Minor Malware to Hide Even Worse Intentions Than That
Trojan.Milicenso’s modern versions have been found to be distributed to South America, Europe, the US and India through various methods, but especially by way of fake codec files. These faux codecs appear when you attempt to play a seemingly non-functional movie and are asked to update your player or a related media package; accepting the update installs Trojan.Milicenso instead of the desired codec. As usual, SpywareRemove.com malware researchers encourage potential victims of Trojan.Milicenso attacks (namely, anyone using Windows from versions 95 up to Server 2008) to install their media software only from reputable sources.
Trojan.Milicenso is particularly noted to include Adware.Eorezo as part of its default structure, but this appears to be sleight-of-hand misdirection rather than Trojan.Milicenso’s primary payload. Since Trojan.Milicenso explicitly attempts to identify PC security ‘sandboxes’ or virtual environments and reacts to them by installing Eorezo, SpywareRemove.com malware researchers strongly suspect that Eorezo is included merely to make Trojan.Milicenso seem less dangerous than it actually is. The unpleasant reality is that Trojan.Milicenso can be configured to install many types of high-level PC threats, which makes Trojan.Milicenso itself a danger that should be removed as quickly as possible.
Trojan.Milicenso: From Movie Player to Printer Nightmare
During its installation, Trojan.Milicenso creates a fake .spl file in the Printer subdirectory of the System32 folder. Although this fake file actually is a malicious executable instead of a spool, associated printers are unable to determine this. As a result, computers that are infected by Trojan.Milicenso will often begin to print endless pages of seemingly random symbols. Thankfully, SpywareRemove.com malware researchers have found that this doesn’t cause permanent harm to the printer in question; deleting Trojan.Milicenso’s components in an anti-malware scan will return your printer’s behavior to normal.
It’s suggested that you embark upon this course of action ASAP, since Trojan.Milicenso can also lower your Internet Explorer security settings, change the Windows Registry without your consent and create an environment of vulnerability to other PC threats. Because Trojan.Milicenso uses encryption techniques, as well as other methods to avoid detection, keeping anti-malware software updated is also advised to maximize your Trojan.Milicenso-detection success rates.
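The fake .spl file described above is an executable rather than print data, which gives defenders a simple triage check. The following is an added example, not code from SpywareRemove.com: it flags any .spl file that begins with a valid PE header. The function names are hypothetical, the sample files are constructed, and the default path assumes the standard Windows spool directory (%SystemRoot%\System32\spool\PRINTERS).

```python
import os
import struct
import tempfile

def looks_like_pe(path):
    """Return True if the file has an MZ header pointing at a valid PE signature."""
    with open(path, "rb") as fh:
        head = fh.read(64)
        if len(head) < 64 or head[:2] != b"MZ":
            return False
        # e_lfanew (offset 0x3C) holds the file offset of the "PE\0\0" signature.
        (pe_offset,) = struct.unpack_from("<I", head, 0x3C)
        fh.seek(pe_offset)
        return fh.read(4) == b"PE\x00\x00"

def find_executable_spool_files(spool_dir):
    """List .spl files under spool_dir whose content is a PE executable."""
    hits = []
    for root, _dirs, files in os.walk(spool_dir):
        for name in files:
            if not name.lower().endswith(".spl"):
                continue
            full = os.path.join(root, name)
            try:
                if looks_like_pe(full):
                    hits.append(full)
            except OSError:
                # Locked or unreadable files cannot be checked here; skip them.
                continue
    return sorted(hits)

def build_sample_dir():
    """Constructed sample data: one non-PE spool file and one PE-shaped .spl file."""
    d = tempfile.mkdtemp()
    with open(os.path.join(d, "00002.SPL"), "wb") as fh:
        fh.write(b"\x01\x00\x01\x00" + b"\x00" * 200)  # constructed, not a PE
    stub = bytearray(0x84)
    stub[0:2] = b"MZ"
    struct.pack_into("<I", stub, 0x3C, 0x80)  # e_lfanew -> 0x80
    stub[0x80:0x84] = b"PE\x00\x00"
    with open(os.path.join(d, "FP00001.SPL"), "wb") as fh:
        fh.write(stub)
    return d

if __name__ == "__main__":
    # Assumed default spool location; pass a mounted image path to scan offline.
    win = os.environ.get("SystemRoot", r"C:\Windows")
    spool = os.path.join(win, "System32", "spool", "PRINTERS")
    for path in find_executable_spool_files(spool):
        print("PE executable with .spl extension:", path)
```

A hit is a lead for further analysis, not a verdict; hash the file and submit it to your anti-malware tooling before deleting it.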
Technical Details
File System Modifications
Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.
- The following files were created in the system:
| # | File Name | Detection Count |
|---|---|---|
| 1 | file.exe | 513 |
| 2 | file.exe | 497 |
| 3 | xpsp4ress.dll | 431 |
| 4 | %System%\[RANDOM CHARACTERS].dll | N/A |
| 5 | %Temp%\[RANDOM CHARACTERS].bat | N/A |
| 6 | %Windir%\Tasks\[RANDOM CHARACTERS].job | N/A |
| 7 | %ProgramFiles%\[EXISTING FOLDER NAME]\[RANDOM FILE NAME].dll | N/A |
| 8 | %ProgramFiles%\[EXISTING FOLDER NAME]\[RANDOM FILE NAME].exe | N/A |
| 9 | %System%\[RANDOM FILE NAME].exe | N/A |
| 10 | %Temp%\[RANDOM FILE NAME].exe | N/A |
| 11 | %Temp%\[RANDOM FILE NAME].dll | N/A |
Registry Modifications
Tutorial: To edit and delete registry entries manually, read the tutorial on how to remove malicious registry entries.
Tip & Warning: Editing and removing the wrong registry keys can severely damage your PC, so remember to back up your Windows Registry! To optimize your Windows Registry and speed up your PC, download RegHunter's registry cleaner.
- The following newly produced Registry Values are:
HKEY..\..\{Value}
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\"2" = "[BINARY DATA]"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\"4" = "[BINARY DATA]"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\"5" = "[BINARY DATA]"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\"7" = "[BINARY DATA]"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\"8" = "[BINARY DATA]"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\"9" = "[BINARY DATA]"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\"[RANDOM VALUE]" = "[PATH TO TROJAN EXECUTABLE]"
HKEY_CURRENT_USER\Software\NKARYVBF\"Sg" = "[BINARY DATA]"
HKEY_CURRENT_USER\System\CurrentControlSet\"1" = "[RANDOM CHARACTERS]"
HKEY_CURRENT_USER\System\CurrentControlSet\"10" = "[RANDOM CHARACTERS]"
HKEY_CURRENT_USER\System\CurrentControlSet\"3" = "[RANDOM CHARACTERS]"
HKEY_CURRENT_USER\System\CurrentControlSet\"4" = "[RANDOM CHARACTERS]"
HKEY_CURRENT_USER\System\CurrentControlSet\"5" = "1"
HKEY_CURRENT_USER\System\CurrentControlSet\"7" = "1"
HKEY_CURRENT_USER\System\CurrentControlSet\"8" = "1"
HKEY_CURRENT_USER\System\CurrentControlSet\"9" = "1"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ESENT\Process\FreeCodec_I\DEBUG\"Trace Level" = ""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\"2" = "[BINARY DATA]"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\"4" = "[BINARY DATA]"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\"5" = "[BINARY DATA]"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\"7" = "[BINARY DATA]"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\"8" = "[BINARY DATA]"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\"9" = "[BINARY DATA]"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\"[RANDOM VALUE]" = "[PATH TO TROJAN EXECUTABLE]"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\"[RANDOM VALUE]" = "[PATH TO TROJAN EXECUTABLE]"
HKEY_LOCAL_MACHINE\SOFTWARE\NKARYVBF\"Sg" = "[BINARY DATA]"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\"1" = "[RANDOM CHARACTERS]"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\"10" = "[RANDOM CHARACTERS]"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\"3" = "[RANDOM CHARACTERS]"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\"4" = "[RANDOM CHARACTERS]"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\"5" = "1"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\"7" = "1"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\"8" = "1"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\"9" = "1"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\"1900:TCP" = "1900:TCP:LocalSubNet:Enabled:UDP 1900"
HKEY_USERS\.DEFAULT\Software\NKARYVBF\"Sg" = "[BINARY DATA]"
HKEY_USERS\.DEFAULT\System\CurrentControlSet\"5" = "1"

HKEY..\..\..\..{Subkeys}
HKEY_CURRENT_USER\Software\Microsoft\Multimedia
HKEY_LOCAL_MACHINE\SOFTWARE\[RANDOM VALUE]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia
Posted: June 22, 2012 | By SpywareRemove
Threat Level: 9/10
Detection Count: 49


