Packed.Win32.Katusha.o

Posted: July 27, 2010

Packed.Win32.Katusha.o is a malicious Trojan that poses a severe threat to a compromised system. Packed.Win32.Katusha.o uses an IRC server to download corrupt files to the computer. Once active, Packed.Win32.Katusha.o adds itself to the registry so that it runs each time the system starts. Remove Packed.Win32.Katusha.o immediately once detected.

Aliases

Backdoor.Win32.Cetorp
packed with: PE_Patch.UPX

File System Modifications

  • The following files were created in the system:
    # File Name
    1 hdyk.exe
    2 secupdat.dat

Registry Modifications

  • The following Registry values were created:
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    MSConfig = "%UserProfile%\hdyk.exe \u"
