Clampi
Clampi is a Trojan horse that is able to connect to different remote servers to download updates or instructions to carry out on the compromised system. Clampi acts as a botnet and can spread through network shares or compromised websites that have malicious code installed. Clampi populates the infected system with multiple malicious executable files. When executed, Clampi is able to query the locale of the compromised computer. Detection of Clampi is very difficult because it uses encryption to stay hidden from various security applications.
Aliases
Rscan
Ligats
Ilomo
Win32/Ilomo.BC
TROJ_ILOMO.B
Ligats
Ilomo
Win32/Ilomo.BC
TROJ_ILOMO.B
Registry Modifications
- The following newly produced Registry Values are:
HKEY..\..\..\..{Subkeys}HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Settings\"GID"HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Settings\"GatesList"HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Settings\"KeyE"HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Settings\"KeyM"HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Settings\"PID"
Leave a Reply
Please note that we are not able to assist with billing and support issues regarding SpyHunter or other products. If you're having issues with SpyHunter, please get in touch with SpyHunter customer support through your SpyHunter . If you have SpyHunter billing questions, we recommend you check the Billing FAQ. For general suggestions or feedback, contact us.