Trojan-Downloader.Win32.Xanda.a
Trojan-Downloader.Win32.Xanda.a contains malicious software that it drops and installs onto a victim's computer. Trojan-Downloader.Win32.Xanda.a may download a backdoor onto a compromised PC, giving remote attackers access to the system. Trojan-Downloader.Win32.Xanda.a may also surreptitiously turn a compromised PC into a bot that is used for other malicious activities. Trojan-Downloader.Win32.Xanda.a is a security threat that must be removed.
Table of Contents
Aliases
3 security vendors flagged this file as malicious.
| Anti-Virus Software | Detection |
|---|---|
| - | Trojan-Dropper.Win32.Gontu |
| - | TrojanDropper:Win32/Gontu.B |
| - | Mal/Emogen-F |
File System Details
Trojan-Downloader.Win32.Xanda.a may create the following file(s):
| # | File Name |
Detections
Detections: The number of confirmed and suspected cases of a particular threat detected on
infected computers as reported by SpyHunter.
|
|---|---|---|
| 1. | %System%\SoundPC32.exe | |
| 2. | %System%\SoundPC32.dll | |
| 3. | %DesktopDir%\Internet Explorer.lnk |
Registry Details
Trojan-Downloader.Win32.Xanda.a may create the following registry entry or registry entries:
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3AC4BF88-8BEB-4B87-AFBC-D090AB40B812}\TypeLib]
(Default) = "BrowserHelper.CBrowserHelper"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3AC4BF88-8BEB-4B87-AFBC-D090AB40B812}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{82AF841B-4CBA-4F0D-87D9-39B38B317EF6}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{82AF841B-4CBA-4F0D-87D9-39B38B317EF6}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{A6E321E0-D1CC-4D57-8486-D9672D068B67}\1.0\HELPDIR]
(Default) = "0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BrowserHelper.CBrowserHelper\Clsid]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
(Default) = "1.0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3AC4BF88-8BEB-4B87-AFBC-D090AB40B812}\ProgID]
(Default) = "%System%\SoundPC32.dll"
Version = "1.0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{82AF841B-4CBA-4F0D-87D9-39B38B317EF6}\ProxyStubClsid]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{A6E321E0-D1CC-4D57-8486-D9672D068B67}\1.0\0\win32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{A6E321E0-D1CC-4D57-8486-D9672D068B67}\1.0\FLAGS]
(Default) = "BrowserHelper"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BrowserHelper.CBrowserHelper]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3AC4BF88-8BEB-4B87-AFBC-D090AB40B812}\VERSION]
(Default) = "{A6E321E0-D1CC-4D57-8486-D9672D068B67}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3AC4BF88-8BEB-4B87-AFBC-D090AB40B812}\InprocServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{82AF841B-4CBA-4F0D-87D9-39B38B317EF6}\TypeLib]
(Default) = "{00020424-0000-0000-C000-000000000046}"
(Default) = "CBrowserHelper"
(Default) = "%Windir%\system32"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{A6E321E0-D1CC-4D57-8486-D9672D068B67}\1.0]
(Default) = "{3AC4BF88-8BEB-4B87-AFBC-D090AB40B812}"
