Trojan.Win32.ExeDot.del

Posted: October 28, 2010

Trojan.Win32.ExeDot.del is a malicious Trojan horse that may represent security risk for the compromised system or its network environment. Trojan.Win32.ExeDot.del uses backdoors to install contaminated files from the Internet onto a compromised computer. Trojan.Win32.ExeDot.del may spread via drive-by downloads and does not require a user's permission to run on a computer. Trojan.Win32.ExeDot.del comes bundled with a malicious installation program. Remove Trojan.Win32.ExeDot.del as soon as it has been detected.

Aliases

BackDoor-EDY.b (McAfee)
TROJ_EXEDOT.SMA (Trend Micro)
Mal/BHO-P (Sophos)
Trojan:Win32/BHO.AM (Microsoft)
Trojan.Win32.ExeDot (Ikarus)

Registry Modifications

The following newly produced Registry Values are:
HKEY..\..\..\..{Subkeys}[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AFD4AD01-58C1-47DB-A404-FBE00A6C5486}\InprocServer32][HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AFD4AD01-58C1-47DB-A404-FBE00A6C5486}\TypeLib][HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AFD4AD01-58C1-47DB-A404-FBE00A6C5486}][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AFD4AD01-58C1-47DB-A404-FBE00A6C5486}]HKEY..\..\..\..{RegistryKeys}(Default) = "Browser Helper Object"(Default) = "{8E3C68CD-F500-4A2A-8CB9-132BB38C3573}"(Default) = [pathname with a string SHARE]\lib.dll"ThreadingModel = "Apartment"

Trojan.Win32.ExeDot.del

Aliases

Registry Modifications

Leave a Reply