Trojan-Downloader.Win32.Piker.zk
Trojan-Downloader.Win32.Piker.zk is a malicious Trojan program that downloads files to the local computer, which may be a security risk. Trojan-Downloader.Win32.Piker.zk installs a default debugger that is injected into the execution sequence of a target program. If a threat is installed as a default debugger, it will run each time a compromised program is started, either to imitate that program and hide its own presence (for instance, an open port or a running process) or just to be activated as often as possible.
Aliases
PWS:Win32/Zbot.YE [Microsoft]
Mal/Waled-B [Sophos]
File System Modifications
- The following files were created in the system:
  #  File Name
  1  %AppData%\shsyed\ehlxsysguard.exe
Registry Modifications
- The following Registry values were newly created:
  HKEY..\..\..\..{Subkeys}
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download]
    [HKEY_CURRENT_USER\Software\Microsoft\Windows Script\Settings]
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations]
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments]
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
  HKEY..\..\..\..{RegistryKeys}
    JITDebug = 0x00000001
    LowRiskFileTypes = ".exe"
    RunInvalidSignatures = 0x00000001
    SaveZoneInformation = 0x00000001
    qpncxusp = "%AppData%\shsyed\ehlxsysguard.exe"
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\..{RunKeys}
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]