
Trojan.Win32.Inhoo

Posted: November 2, 2009

Trojan.Win32.Inhoo is a Trojan that enables attackers to access a computer system remotely. Trojan.Win32.Inhoo has been found to set a drive to autoplay by creating an 'autorun.inf' file in the drive's root directory. If the drive is shared across the network, other computers can be affected any time they attempt to access it. Trojan.Win32.Inhoo is also able to download other malicious files from the Internet. Trojan.Win32.Inhoo was found to create a startup registry entry so that it is loaded into memory when Windows boots. Trojan.Win32.Inhoo registers a 32-bit in-process server DLL. Trojan.Win32.Inhoo also registers a Browser Helper Object (a plugin module for Microsoft's Internet Explorer). Trojan.Win32.Inhoo can change system settings without the user's permission, which could further compromise the infected system.

Aliases

Win-Trojan/MalPacked.Gen (AhnLab)
PWS-Gamania.gen.a (McAfee)
Trojan.Packed.NsAnti (Symantec)
Packed.Win32.Krap.b (Kaspersky Lab)
Mal/Generic-A (Sophos)

File System Modifications

  • The following files were created in the system: