Tarno.r
Tarno.r is a trojan that monitors software windows and accessed web pages for predefined keywords. Once the spyware detects such a keyword, it starts recording all the keystrokes that the user enters into many window fields and web forms. Gathered data is saved to several files, which are regularly transferred to a predetermined remote web server.
Tarno.r arrives in bogus e-mail with malicious executable attachements. Once the user runs such an attachment, the trojan secretly downloads its main components from the Internet and installs itself to the computer. Tarno.r is able to bypass the Windows Firewall.
The trojan works as an Internet Explorer add-on and therefore runs every time the user launches the web browser.
File System Modifications
- The following files were created in the system:
# File Name 1 file1185.exe 2 ierror.rep 3 ndppbzn.exe 4 sui.dll 5 svchost.dll 6 update.sys 7 winsetup.exe 8 wint.ini
Registry Modifications
- The following newly produced Registry Values are:
HKEY..\..\..\..{RegistryKeys}HKEY_LOCAL_MACHINESOFTWAREClassessvchost.UpdateHKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSharedAccessParametersFirewallPolicyStandardProfileAuthorizedApplicationsList[filename] - The following CLSID's were detected:
HKEY..\..\{CLSID Path}3A4E6FF3-BF59-446E-9DC8-731BCE2F349A
Leave a Reply
Please note that we are not able to assist with billing and support issues regarding SpyHunter or other products. If you're having issues with SpyHunter, please get in touch with SpyHunter customer support through your SpyHunter . If you have SpyHunter billing questions, we recommend you check the Billing FAQ. For general suggestions or feedback, contact us.