
Trojan.Win32.Sasfis.bbnf

Posted: June 28, 2011

Trojan.Win32.Sasfis.bbnf is a Trojan horse that installs malicious files onto your PC, launches itself whenever Windows loads, sends email messages with a built-in client engine and sends information to or receives information from remote criminals. Trojan.Win32.Sasfis.bbnf Trojans are highly likely to install or be installed with other PC threats, including worms and other dropper Trojans. Although the evidence of a Trojan.Win32.Sasfis.bbnf infection may be scanty, an untreated Trojan.Win32.Sasfis.bbnf infection is a high-priority invasion of both your privacy and computer security. If at all possible, delete Trojan.Win32.Sasfis.bbnf and related threatening programs with well-equipped anti-virus software.

Trojan.Win32.Sasfis.bbnf: the Spammer That You Didn't Know Was Hiding on Your PC

As is the case with many other Trojans, Trojan.Win32.Sasfis.bbnf infects your PC in secret and tries to avoid creating readily seen signs of its presence. A Trojan.Win32.Sasfis.bbnf infection will hide its files and memory processes with randomly-generated names and will become active automatically whenever Windows starts.

Trojan.Win32.Sasfis.bbnf will use your computer's resources to create spam email messages for random Gmail accounts, with the sender address spoofed as an equally random 'the planet' account. These messages will not show up in your normal online mailbox or anywhere else, since Trojan.Win32.Sasfis.bbnf sends them by using a hidden SMTP engine.
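Because mail sent by a hidden SMTP engine never appears in a mailbox, the place to see it is in network egress logs. The following is an added example, not part of the original write-up: it flags internal hosts that open SMTP connections directly to outside servers instead of going through the approved mail relay. The log format, the IP addresses, the relay address and the threshold are all assumptions made for illustration.

```python
import re
from collections import defaultdict

# Constructed sample firewall log (not from the page); the line format is an assumption.
SAMPLE_LOG = """\
2011-06-28T10:00:01 ALLOW TCP 10.0.0.5:49152 -> 10.0.0.25:25
2011-06-28T10:00:02 ALLOW TCP 10.0.0.23:49200 -> 198.51.100.10:25
2011-06-28T10:00:03 ALLOW TCP 10.0.0.23:49201 -> 198.51.100.11:25
2011-06-28T10:00:04 ALLOW TCP 10.0.0.23:49202 -> 203.0.113.7:25
2011-06-28T10:00:05 ALLOW TCP 10.0.0.7:49300 -> 203.0.113.80:443
2011-06-28T10:00:06 DENY TCP 10.0.0.9:49400 -> 198.51.100.10:25
this line is malformed and must be skipped
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<action>ALLOW|DENY) TCP "
    r"(?P<src>[\d.]+):\d+ -> (?P<dst>[\d.]+):(?P<dport>\d+)$"
)
SMTP_PORTS = {25, 465, 587}
APPROVED_RELAYS = {"10.0.0.25"}  # assumption: the only sanctioned outbound relay
MAIL_SERVERS = {"10.0.0.25"}     # assumption: hosts allowed to speak SMTP outward


def direct_smtp_sources(log_text, min_destinations=3):
    """Return {source_ip: sorted distinct SMTP destinations} for hosts that
    bypass the relay. Denied attempts count too: a blocked connection is
    still evidence that something on the host is trying to send mail."""
    seen = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip malformed or unrelated lines
        if int(m["dport"]) not in SMTP_PORTS:
            continue
        src, dst = m["src"], m["dst"]
        if src in MAIL_SERVERS or dst in APPROVED_RELAYS:
            continue  # normal mail flow through the relay
        seen[src].add(dst)
    return {s: sorted(d) for s, d in seen.items() if len(d) >= min_destinations}


if __name__ == "__main__":
    for host, dests in direct_smtp_sources(SAMPLE_LOG).items():
        print(f"{host} contacted {len(dests)} external SMTP servers: {dests}")
```

Lowering `min_destinations` to 1 also surfaces hosts whose single attempt was blocked, which is useful where workstation SMTP egress is already denied at the firewall.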

The Many Other Messages Trojan.Win32.Sasfis.bbnf May Slip Past Your Firewall

Unfortunately, Trojan.Win32.Sasfis.bbnf's online traffic doesn't end with email messages. Trojan.Win32.Sasfis.bbnf has also been seen contacting websites for the purpose of harvesting the IP addresses of infected computers; this may enable remote criminals to launch attacks on your PC.

Like most Trojans, Trojan.Win32.Sasfis.bbnf can also download and install harmful files without requiring your consent and will send information about your computer to remote parties. Trojan.Win32.Sasfis.bbnf has been seen attempting to contact over a dozen remote hosts in a single infection. This activity may produce a general slowdown in your computer due to excessive resource usage, and this symptom may be the only cue you have to notice a Trojan.Win32.Sasfis.bbnf attack.

In some cases, Trojan.Win32.Sasfis.bbnf has also been seen altering the infected computer's system settings to interfere with System Certificates. Since Trojan.Win32.Sasfis.bbnf is an advanced threat that alters the Windows Registry, you shouldn't try to remove Trojan.Win32.Sasfis.bbnf alone unless you're an expert in PC security. For casual computer users, the preferable way to delete Trojan.Win32.Sasfis.bbnf is to rely on an anti-virus or security scanner that can find and quarantine Trojan.Win32.Sasfis.bbnf and related threats.

Trojan.Win32.Sasfis.bbnf infections have been seen recently in June 2011. You should update any security software for recent PC threats before trying to get rid of Trojan.Win32.Sasfis.bbnf. Since Trojan.Win32.Sasfis.bbnf is a very recent threat, Trojan.Win32.Sasfis.bbnf may avoid being detected by software that lacks the relevant threat definitions.

File System Modifications

  • The following files were created in the system:
    # File Name
    1 %AppData%\giHcfk68Gd.txt
    2 %System%\goocufo.exe
    3 %System%\jekoojooquiw.exe
    4 %Temp%\723.exe
    5 %Temp%\ffttbmgt779FBE44.tmp
    6 %Temp%\jD1B837A2.tmp
    7 %Temp%\wju3AACDE32.tmp
    8 %Temp%\wqqi90E1BEF1.tmp
    9 %Temp%\xcyA30CB8E9.tmp
    10 %UserProfile%\fxmdk.exe

Registry Modifications

  • The following Registry values were newly created:
    HKEY..\..\..\..{Subkeys}
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\02FAF3E291435468607857694DF5E45B68851868
    HKEY..\..\..\..{RegistryKeys}
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\uaayeegiuo
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\uaayeegiuo\Security
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\uaayeegiuo
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\uaayeegiuo\Security