PWCrack-Aircrack

Posted: November 19, 2010

PWCrack-Aircrack is a malicious Trojan horse that may represent a security risk for the compromised system or its network environment. PWCrack-Aircrack uses backdoors to install contaminated files from the Internet onto a compromised computer. PWCrack-Aircrack may spread via drive-by downloads and does not require a user's permission to run on a computer. PWCrack-Aircrack comes bundled with a corrupt installation program, which allows the malware to run once the PC starts up. Remove PWCrack-Aircrack as soon as it has been detected.

File System Modifications

  • The following files were created in the system:
    #  File Name
    1  c:\AiroWizard\aircrack-ng.exe
    2  c:\AiroWizard\aireplay-ng.exe
    3  c:\AiroWizard\airodump-ng.exe
    4  c:\AiroWizard\AiroWizard.xml
    5  c:\AiroWizard\AiroWizardCodeFlow.dll
    6  c:\AiroWizard\AiroWizDLL.dll
    7  c:\AiroWizard\airserv-ng.exe
    8  c:\AiroWizard\Atheros
    9  c:\AiroWizard\Atheros Driver 4.2.2.104 CommView WiFi\ar5211.sys
    10 c:\AiroWizard\Atheros Driver 4.2.2.104 CommView WiFi\net5211.cat
    11 c:\AiroWizard\ca2k.dll
    12 c:\AiroWizard\commview.dll
    13 c:\AiroWizard\currmac.tmp
    14 CommView WiFi\net5211.inf

Registry Modifications

  • The following Registry values were newly produced:
    HKEY..\..\..\..{Subkeys}
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21D8F7E4-120C-4862-AFC2-7AF532280D8B}\InprocServer32]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21D8F7E4-120C-4862-AFC2-7AF532280D8B}\ProgID]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21D8F7E4-120C-4862-AFC2-7AF532280D8B}\TypeLib]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21D8F7E4-120C-4862-AFC2-7AF532280D8B}\VERSION]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21D8F7E4-120C-4862-AFC2-7AF532280D8B}]