Trojan.Milicenso

By Domesticus in Trojans | 32 views

Trojan.Milicenso Description

Malware researchers have warned of a recent outbreak of Trojan.Milicenso infections. This irritating Trojan causes printers to start up unexpectedly and begin printing without any action by the computer user. This has led to a shortage of printer paper in various regions and tremendous waste. The printouts caused by Trojan.Milicenso are pure garbage and are designed to prompt waste and irritate computer users; the infection forces the victim's printer to keep printing until the machine is out of paper. Initially discovered in 2010, Trojan.Milicenso is usually associated with an adware infection detected as Adware.Eorezo.

How Trojan.Milicenso Enters a Computer

Like most Trojans, Trojan.Milicenso cannot spread on its own from one computer to another. Instead, it relies on social engineering tactics to convince computer users to download and install either Trojan.Milicenso itself or other malware designed to download and install it along with other malware threats. Ways in which Trojan.Milicenso can enter a computer include spam email attachments and attack websites that install it through malicious exploits. Often, a Trojan.Milicenso infection occurs by accident when a computer user unintentionally clicks a malicious email attachment. Like many Trojans, Trojan.Milicenso has also been distributed as a bogus video codec presented as necessary to view streaming videos on suspicious streaming video websites, or packaged along with popular movies on peer-to-peer file sharing networks.

The Trojan.Milicenso Trojan Has Spread all Around the World

Malware analysts have observed widespread Trojan.Milicenso infections in the United States and India, and as of 2012, this malware infection has also started to infect regions of Europe and South America. Keeping your security software fully updated should contribute greatly towards protecting your computer system from this malware threat. ESG security analysts recommend that offices in affected regions of the world monitor their printer activity, since a Trojan.Milicenso infection can cause a considerable waste of money and resources. A Trojan.Milicenso infection has several effects, such as running adware on the victim's computer and enabling the presence of other malware infections on the victim's PC. However, the main characteristic of this malware infection is that Trojan.Milicenso causes printers to spew out random characters until they run out of paper. For a domestic user, this can mean little more than losing a single package of printer paper, but an infection throughout a company's network can cause considerable waste.

Type: Trojans

How Can You Detect Trojan.Milicenso?

Trojan.Milicenso Removal Details

Trojan.Milicenso typically has the following processes in memory:

  • %ProgramFiles%\[EXISTING FOLDER NAME]\[RANDOM FILE NAME].dll
  • %System%\[RANDOM CHARACTERS].dll
  • %Temp%\[RANDOM FILE NAME].dll
  • %Temp%\[RANDOM FILE NAME].exe
  • %Temp%\[RANDOM CHARACTERS].bat
  • %ProgramFiles%\[EXISTING FOLDER NAME]\[RANDOM FILE NAME].exe
  • %System%\[RANDOM FILE NAME].exe

Trojan.Milicenso creates the following files in the system:

  • %Temp%\[RANDOM CHARACTERS].bat
  • %Windir%\Tasks\[RANDOM CHARACTERS].job

Trojan.Milicenso creates the following registry entries:

  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\"4" = "[BINARY DATA]"
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\"8" = "[BINARY DATA]"
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\"4" = "[BINARY DATA]"
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\"8" = "[BINARY DATA]"
  • HKEY_CURRENT_USER\System\CurrentControlSet\"10" = "[RANDOM CHARACTERS]"
  • HKEY_CURRENT_USER\Software\NKARYVBF\"Sg" = "[BINARY DATA]"
  • HKEY_CURRENT_USER\System\CurrentControlSet\"5" = "1"
  • HKEY_USERS\.DEFAULT\System\CurrentControlSet\"5" = "1"
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ESENT\Process\FreeCodec_I\DEBUG\"Trace Level" = ""
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\"4" = "[RANDOM CHARACTERS]"
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\"5" = "1"
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\"[RANDOM VALUE]" = "[PATH TO TROJAN EXECUTABLE]"
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\"2" = "[BINARY DATA]"
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\"7" = "[BINARY DATA]"
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\"2" = "[BINARY DATA]"
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\"7" = "[BINARY DATA]"
  • HKEY_CURRENT_USER\System\CurrentControlSet\"1" = "[RANDOM CHARACTERS]"
  • HKEY_CURRENT_USER\System\CurrentControlSet\"4" = "[RANDOM CHARACTERS]"
  • HKEY_CURRENT_USER\System\CurrentControlSet\"9" = "1"
  • HKEY_USERS\.DEFAULT\Software\NKARYVBF\"Sg" = "[BINARY DATA]"
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\"10" = "[RANDOM CHARACTERS]"
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\"3" = "[RANDOM CHARACTERS]"
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\"9" = "1"
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\"[RANDOM VALUE]" = "[PATH TO TROJAN EXECUTABLE]"
  • HKEY_LOCAL_MACHINE\SOFTWARE\[RANDOM VALUE]
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\"1900:TCP" = "1900:TCP:LocalSubNet:Enabled:UDP 1900"
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\"5" = "[BINARY DATA]"
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\"9" = "[BINARY DATA]"
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\"5" = "[BINARY DATA]"
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\"9" = "[BINARY DATA]"
  • HKEY_CURRENT_USER\System\CurrentControlSet\"3" = "[RANDOM CHARACTERS]"
  • HKEY_CURRENT_USER\System\CurrentControlSet\"8" = "1"
  • HKEY_CURRENT_USER\System\CurrentControlSet\"7" = "1"
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\"1" = "[RANDOM CHARACTERS]"
  • HKEY_LOCAL_MACHINE\SOFTWARE\NKARYVBF\"Sg" = "[BINARY DATA]"
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\"8" = "1"
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\"7" = "1"
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\"[RANDOM VALUE]" = "[PATH TO TROJAN EXECUTABLE]"
  • HKEY_CURRENT_USER\Software\Microsoft\Multimedia
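
The fixed-name registry entries listed above can be checked for in saved "reg query <key> /s" text output. The following is an added example, not code from ESG or the original article; the rule labels, function names and sample output are constructed for illustration, and it assumes the usual four-space column layout of reg query output.

```python
import re

# Rules derived from the registry list on this page:
# (label, regex on key path, regex on value name).
RULES = [
    ("NKARYVBF 'Sg' value", r"\\Software\\NKARYVBF$", r"^Sg$"),
    ("FreeCodec_I debug key", r"\\ESENT\\Process\\FreeCodec_I\\DEBUG$", r"^Trace Level$"),
    ("Firewall port 1900:TCP opened", r"\\GloballyOpenPorts\\List$", r"^1900:TCP$"),
    ("Numeric value directly under CurrentControlSet",
     r"\\System\\CurrentControlSet$", r"^(1|3|4|5|7|8|9|10)$"),
    ("Numeric value under Internet Settings",
     r"\\CurrentVersion\\Internet Settings$", r"^(2|4|5|7|8|9)$"),
]
VALUE_LINE = re.compile(r"^\s{4}(.+?)\s{4}(REG_\w+)\s*(.*)$")

def parse_reg_query(text):
    """Yield (key, value_name, type, data) from `reg query /s` text output."""
    key = None
    for line in text.splitlines():
        if line.startswith("HKEY_"):
            key = line.strip()          # a new key header starts a section
        elif key and (m := VALUE_LINE.match(line)):
            yield (key, *m.groups())

def find_indicators(text):
    """Return (label, key, value_name) for every value matching a rule."""
    return [(label, key, name)
            for key, name, _type, _data in parse_reg_query(text)
            for label, key_re, name_re in RULES
            if re.search(key_re, key, re.I) and re.search(name_re, name)]

# Constructed sample output (not captured from a real host).
SAMPLE = r"""
HKEY_CURRENT_USER\Software\NKARYVBF
    Sg    REG_BINARY    0A1B2C3D

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet
    5    REG_SZ    1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Spooler
    Start    REG_DWORD    0x2

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
    ProxyEnable    REG_DWORD    0x0
    4    REG_BINARY    46000000
"""

if __name__ == "__main__":
    for hit in find_indicators(SAMPLE):
        print(hit)
```

The entries with random value names or random key names in the list cannot be matched by name, so a clean result from this check does not rule out an infection.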


This entry was last updated on 06/22/12 and posted on 06/22/12.

Copyright 2003-2012. Enigma Software Group USA, LLC. All Rights Reserved.