Trojan.Apmod
Trojan.Apmod is a hazardous backdoor trojan designed to penetrate vulnerable computer systems and allow remote access to the affected computer. Trojan.Apmod is contained in an Apache module that must be manually installed on an affected computer that is running an Apache Web server. Trojan.Apmod is responsible for proliferating unwanted programs and other malware threats via the Internet. Trojan.Apmod is an identified security threat and has to be removed immediately upon detection.
File System Modifications
- The following files were created in the system:
| # | File Name |
|---|-----------|
| 1 | %AllUsersProfile%\.dll |
| 2 | %AllUsersProfile%\.exe |
| 3 | %AllUsersProfile%\Application Data\.dll |
| 4 | %AllUsersProfile%\Application Data\.exe |
| 5 | %AllUsersProfile%\Application Data\~ |
| 6 | %AllUsersProfile%\Application Data\~r |
| 7 | %AllUsersProfile%\~ |
| 8 | %AllUsersProfile%\~r |
| 9 | %UserProfile StartMenu\Programs\Trojan.Apmod\ |
| 10 | %UserProfile%\Desktop\Trojan.Apmod.lnk |
| 11 | %UserProfile%\Start Menu\Programs\Trojan.Apmod\Trojan.Apmod.lnk |
| 12 | %UserProfile%\Start Menu\Programs\Trojan.Apmod\Uninstall Trojan.Apmod.lnk |
Registry Modifications
- The following Registry values were newly created:
HKEY..\..\..\..{Subkeys}
  HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download "CheckExeSignatures" = 'no'
  HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main "Use FormSuggest" = 'yes'
  HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced "Hidden" = '0'
  HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced "ShowSuperHidden" = '0'
  HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "CertificateRevocation" = '0'
  HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings "WarnonBadCertRecving" = '0'
  HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop "NoChangingWallPaper" = '1'
  HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations "LowRiskFileTypes" = '/{hq:/s`s:/ogn:/uyu:/dyd:/c`u:/bnl:/ble:/sdf:/lrh:/iul:/iulm:/fhg:/clq:/kqf:/`wh:/lqf:/lqdf:/lnw:/lq2:/l2t:/v`w:/rbs:'
  HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments "SaveZoneInformation" = '1'
  HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableTaskMgr" = '1'
  HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run ""
  HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run ".exe"
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system "DisableTaskMgr" = '1'