
Trojan.Win32.LogonInvader.a

Posted: March 12, 2010

Trojan.Win32.LogonInvader.a is a malicious Trojan that modifies system settings and may have a negative impact on system security. It lowers security settings and drops files on the compromised computer. Trojan.Win32.LogonInvader.a is designed to open a large security hole through which hundreds of malicious adware and spyware programs can be delivered to your machine. In addition, Trojan.Win32.LogonInvader.a steals username and password information and sends the stolen data to devious hackers for malicious purposes. Trojan.Win32.LogonInvader.a poses a severe security risk to any PC and should be removed immediately once detected.

Aliases

Trojan.Win32.LogonInvader (Ikarus)
Dropper/Malware.335184 (AhnLab)

File System Modifications

  • The following files were created in the system:
    # File Name
    1 %ProgramFiles%\Images\%UserName%\07-03-2010\23-10-58
    2 %ProgramFiles%\server.exe
    3 %System%\winfiles.exe
    4 %Windir%\GessM.exe
    5 %Windir%\winfiles.exe

Registry Modifications

  • The following Registry values were newly created:
    HKEY..\..\..\..{Subkeys}
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{F689FD98-DD67-4D13-9259-6644329F9041}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Installer]
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\..{RunKeys}
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]