Trojan.Darkshell Description
Trojan.Darkshell is a Trojan that might be able to initiate distributed denial-of-service (DDoS) attacks. After installation, Trojan.Darkshell copies itself to a specific web page. It also downloads and installs a rootkit with a particular file name. The rootkit modifies the System Service Dispatch Table (SSDT) in an attempt to disguise Trojan.Darkshell. Trojan.Darkshell then creates a registry subkey to add itself as a system service, and creates some further registry entries. It connects to a particular website to post a unique identifier of the affected computer system, downloads a list of web page links, and then initiates a distributed denial-of-service attack on the given web page links. Uninstall Trojan.Darkshell as soon as possible.
Type: Trojans
How Can You Detect Trojan.Darkshell?
Trojan.Darkshell Removal Details
Trojan.Darkshell typically has the following processes in memory:
- %System%\fkrekk[RANDOM NUMBERS].exe
- %System%\drivers\PCIDump.sys
Trojan.Darkshell creates the following registry entries:
- HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Fkrkk[RANDOM NUMBERS]\"ImagePath" = "%System%\fkrekk[RANDOM NUMBERS].exe"
- HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Fkrkk[RANDOM NUMBERS]\"Type"
- HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Fkrkk[RANDOM NUMBERS]\"ErrorControl" = "0x00000000"
- HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Fkrkk[RANDOM NUMBERS]\"Description" = "FkreFoxkk Browser[RANDOM NUMBERS]"
- HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Fkrkk[RANDOM NUMBERS]\"Start" = "0x00000002"
- HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Fkrk[RANDOM NUMBERS]
- HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Fkrkk[RANDOM NUMBERS]\"DisplayName" = "FkreFoxkk[RANDOM NUMBERS]"
- HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Fkrkk[RANDOM NUMBERS]\"ObjectName" = "LocalSystem"
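The registry entries above can be turned into a triage check over saved `reg query HKLM\SYSTEM\CurrentControlSet\Services /s` output. The following Python sketch is an added example, not part of the original write-up; the function names, the two-indicator threshold, the sample data and the reading of "[RANDOM NUMBERS]" as decimal digits are assumptions.

```python
import re

# Patterns come from the indicators listed above. Assumption: "[RANDOM NUMBERS]"
# means one or more decimal digits. Start, ErrorControl and ObjectName are not
# scored because auto-start LocalSystem services are common on clean systems.
SERVICES = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services" + "\\"
NAME_RE = re.compile(r"^Fkrkk?\d+$", re.I)
VALUE_RES = {
    "ImagePath": re.compile(r"\\fkrekk\d+\.exe$", re.I),
    "Description": re.compile(r"^FkreFoxkk Browser\d+$", re.I),
    "DisplayName": re.compile(r"^FkreFoxkk\d+$", re.I),
}

def parse_reg_query(text):
    """Parse `reg query <Services key> /s` output into {service: {value: data}}."""
    services, current = {}, None
    for line in text.splitlines():
        if line.startswith("HKEY_"):
            is_svc = line.upper().startswith(SERVICES.upper())
            rest = line[len(SERVICES):].strip() if is_svc else ""
            # Keep values of the service key itself, not of its subkeys.
            current = services.setdefault(rest, {}) if rest and "\\" not in rest else None
        elif line.startswith("    ") and current is not None:
            parts = line.strip().split("    ", 2)  # value name, type, data
            if len(parts) == 3:
                current[parts[0]] = parts[2].strip()
    return services

def find_suspects(text, threshold=2):
    """Return {service: [matched indicators]}; threshold is an assumed cut-off."""
    suspects = {}
    for name, values in parse_reg_query(text).items():
        hits = ["service name"] if NAME_RE.match(name) else []
        hits += [k for k, rx in VALUE_RES.items() if rx.search(values.get(k, ""))]
        if len(hits) >= threshold:
            suspects[name] = hits
    return suspects

# Constructed sample in the layout printed by `reg query ... /s`.
SAMPLE = r"""
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Fkrkk48213
    ImagePath    REG_EXPAND_SZ    C:\Windows\system32\fkrekk48213.exe
    DisplayName    REG_SZ    FkreFoxkk48213
    Description    REG_SZ    FkreFoxkk Browser48213

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Spooler
    Start    REG_DWORD    0x2
    ImagePath    REG_EXPAND_SZ    %SystemRoot%\System32\spoolsv.exe
"""
```

Because the rootkit described above alters the SSDT to disguise the Trojan, output captured on the running system may be incomplete; an export taken from an offline copy of the SYSTEM hive is the more reliable input.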