Messenger Infium 2009 Final
Messenger Infium 2009 Final is a new rogue program that displays annoying popups and installs backdoors and Trojans. It installs Remote Administrator (Radmin) 2.0 on the victim's PC, which allows a remote user to gain complete access to the machine. During the installation process, a DLL file is also injected into another process named svchost.exe.
File System Modifications
- The following files were created in the system:
| # | File Name |
|---|-----------|
| 1 | C:\Program Files\Infium |
| 2 | C:\Program Files\Infium\Messenger Infium Final |
| 3 | C:\Program Files\Infium\Messenger Infium Final\123.reg |
| 4 | C:\Program Files\Infium\Messenger Infium Final\AdmDll.dll |
| 5 | C:\Program Files\Infium\Messenger Infium Final\raddrv.dll |
| 6 | C:\Program Files\Infium\Messenger Infium Final\start.bat |
| 7 | C:\Program Files\Infium\Messenger Infium Final\svchost.exe |
| 8 | C:\WINDOWS\AdmDll.dll |
| 9 | C:\WINDOWS\raddrv.dll |
| 10 | C:\WINDOWS\svchost.exe |
Registry Modifications
- The following registry keys were newly created:
  - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\r_server
  - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\r_server\Enum
  - HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\r_server\Security
  - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\r_server
  - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\r_server\Enum
  - HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\r_server\Security
  - HKEY_LOCAL_MACHINE\SYSTEM\RAdmin
  - HKEY_LOCAL_MACHINE\SYSTEM\RAdmin\v2.0
  - HKEY_LOCAL_MACHINE\SYSTEM\RAdmin\v2.0\Server
  - HKEY_LOCAL_MACHINE\SYSTEM\RAdmin\v2.0\Server\Parameters
  - HKEY_LOCAL_MACHINE\SYSTEM\RAdmin\v2.0\Server\iplist