Trojan-Downloader.Win32.Xanda.a
Trojan-Downloader.Win32.Xanda.a is a Trojan program that is deceptively installed to download malware and unwanted software onto an unsuspecting victim's computer. Trojan-Downloader.Win32.Xanda.a may download adware, spyware or other malware from multiple servers on the Internet. Trojan-Downloader.Win32.Xanda.a poses a high risk to a PC's security. Trojan-Downloader.Win32.Delf.tfy's symptoms include illicit network connections, self-mutation, disabling of security software and the installation of harmful malware. Trojan-Downloader.Win32.Xanda.a may also transmit personal information without your consent and severely compromise the performance of your computer. Remove this malicious Trojan from the system immediately.
Aliases
Mal/Emogen-H, Mal/Emogen-F (Sophos)
TrojanDropper:Win32/Gontu.B (Microsoft)
Trojan-Dropper.Win32.Gontu (Ikarus)
File System Modifications
- The following files were created in the system:
# File Name
1 %DesktopDir%\Internet Explorer.lnk
2 %System%\SoundPC32.dll
3 %System%\SoundPC32.exe
Registry Modifications
- The following Registry values were newly created:
HKEY..\..\..\..{Subkeys}
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BrowserHelper.CBrowserHelper\Clsid]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BrowserHelper.CBrowserHelper]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3AC4BF88-8BEB-4B87-AFBC-D090AB40B812}\InprocServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3AC4BF88-8BEB-4B87-AFBC-D090AB40B812}\ProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3AC4BF88-8BEB-4B87-AFBC-D090AB40B812}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3AC4BF88-8BEB-4B87-AFBC-D090AB40B812}\VERSION]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3AC4BF88-8BEB-4B87-AFBC-D090AB40B812}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{82AF841B-4CBA-4F0D-87D9-39B38B317EF6}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{82AF841B-4CBA-4F0D-87D9-39B38B317EF6}\ProxyStubClsid]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{82AF841B-4CBA-4F0D-87D9-39B38B317EF6}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{82AF841B-4CBA-4F0D-87D9-39B38B317EF6}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{A6E321E0-D1CC-4D57-8486-D9672D068B67}\1.0\0\win32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{A6E321E0-D1CC-4D57-8486-D9672D068B67}\1.0\FLAGS]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{A6E321E0-D1CC-4D57-8486-D9672D068B67}\1.0\HELPDIR]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{A6E321E0-D1CC-4D57-8486-D9672D068B67}\1.0]

HKEY..\..\..\..{RegistryKeys}
(Default) = "%System%\SoundPC32.dll"
(Default) = "%Windir%\system32"
(Default) = "0"
(Default) = "1.0"
(Default) = "BrowserHelper"
(Default) = "BrowserHelper.CBrowserHelper"
(Default) = "CBrowserHelper"
(Default) = "{00020424-0000-0000-C000-000000000046}"
(Default) = "{3AC4BF88-8BEB-4B87-AFBC-D090AB40B812}"
(Default) = "{A6E321E0-D1CC-4D57-8486-D9672D068B67}"
Version = "1.0"