TrojanDownloader:Win32/Kolilks.B Description

TrojanDownloader:Win32/Kolilks.B is designed to communicate with a remote server in order to download and install malware onto a victim’s computer. TrojanDownloader:Win32/Kolilks.B may access a victim’s system via unsolicited e-mails or browser security holes. TrojanDownloader:Win32/Kolilks.B may also affect the operation your system as it allows harmful programs to manipulate your system and steal your private information. It is recommended to remove TrojanDownloader:Win32/Kolilks.B if detected.

Type: Trojans

How Can You Detect TrojanDownloader:Win32/Kolilks.B?

TrojanDownloader:Win32/Kolilks.B Technical Report

As new TrojanDownloader:Win32/Kolilks.B details are reported by our customers and findings from our Threat Research Center, we will update this section.

TrojanDownloader:Win32/Kolilks.B’s Country of Origin:

• China

TrojanDownloader:Win32/Kolilks.B has typically the following processes in memory:

• c:\G3KRMCTQ3ETS.EXE
• %Windir%\uxdrqmlpfpxnfyc.dll

TrojanDownloader:Win32/Kolilks.B creates the following registry entries:

• [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CEE55088-9CE9-3758-6B4F-4CA2CBD892E1}\TypeLib]
• (Default) = “%Windir%\uxdrqmlpfpxnfyc.dll”
• (Default) = “xunlei Class”
• [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Thunder.xunlei.1]
• (Default) = “Thunder.xunlei”
• [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CEE55088-9CE9-3758-6B4F-4CA2CBD892E1}\InprocServer32]
• [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CEE55088-9CE9-3758-6B4F-4CA2CBD892E1}]
• (Default) = “{00020424-0000-0000-C000-000000000046}”
• [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CEE55088-9CE9-3758-6B4F-4CA2CBD892E1}\VersionIndependentProgID]
• (Default) = “{97EFC6B7-C73A-423E-8458-82C589CA7E3B}”
• ThreadingModel = “Apartment”
• [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{11D9AE74-3FC1-41D6-911B-F5F503BBD8FE}\ProxyStubClsid]

Important Article Disclaimer