
Messenger Infium 2009 Final

Posted: June 5, 2009

Messenger Infium 2009 Final is a new rogue program that displays annoying popups and installs backdoors and Trojans. It installs Remote Administrator (Radmin) 2.0 on the victim's PC, which lets a remote user gain complete access to the PC. During the installation process, a DLL file is also injected into another process named svchost.exe.

File System Modifications

  • The following files were created on the system:
    # File Name
    1 C:\Program Files\Infium
    2 C:\Program Files\Infium\Messenger Infium Final
    3 C:\Program Files\Infium\Messenger Infium Final\123.reg
    4 C:\Program Files\Infium\Messenger Infium Final\AdmDll.dll
    5 C:\Program Files\Infium\Messenger Infium Final\raddrv.dll
    6 C:\Program Files\Infium\Messenger Infium Final\start.bat
    7 C:\Program Files\Infium\Messenger Infium Final\svchost.exe
    8 C:\WINDOWS\AdmDll.dll
    9 C:\WINDOWS\raddrv.dll
    10 C:\WINDOWS\svchost.exe

Registry Modifications

  • The following Registry entries were newly created:
    # Registry Key
    1 HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\r_server
    2 HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\r_server\Enum
    3 HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\r_server\Security
    4 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\r_server
    5 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\r_server\Enum
    6 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\r_server\Security
    7 HKEY_LOCAL_MACHINE\SYSTEM\RAdmin
    8 HKEY_LOCAL_MACHINE\SYSTEM\RAdmin\v2.0
    9 HKEY_LOCAL_MACHINE\SYSTEM\RAdmin\v2.0\Server
    10 HKEY_LOCAL_MACHINE\SYSTEM\RAdmin\v2.0\Server\Parameters
    11 HKEY_LOCAL_MACHINE\SYSTEM\RAdmin\v2.0\Server\iplist