
Downloader.Generic_c.AHI

Posted: July 16, 2009

Yet another in the long line of variants from the Generic Downloader family, Downloader.Generic_c.AHI infiltrates your computer by exploiting system or security vulnerabilities, or when you unsuspectingly execute an unknown program yourself. Downloader.Generic_c.AHI typically spreads via email, malicious or hacked web pages, Internet Relay Chat (IRC), and peer-to-peer networks. The purpose of Downloader.Generic_c.AHI is to retrieve files from a remote server and execute them on the compromised machine, typically a password-stealing component.

File System Modifications

  • The following files were created in the system:
    # File Name
    1 %WinDir%\services.exe

Registry Modifications

  • The following Registry values were newly created:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "Explorer.exe %WinDir%\services.exe"
