Trojan.Smowbot

By Sumo3000 in Trojans

Trojan.Smowbot is a Trojan that opens a back door and distributes other malware onto the targeted PC. When run, Trojan.Smowbot creates copies of itself by dropping potentially infectious files. It then creates a registry entry so that it loads automatically whenever Windows boots. To bypass the Windows firewall, Trojan.Smowbot creates further registry entries, and it also modifies a number of other registry entries. Trojan.Smowbot attempts to connect to a command-and-control server to receive instructions that let remote cybercriminals carry out harmful actions, such as updating the Trojan, downloading and running other files, and sending spam email messages to spread it to other PCs.

File System Details

Trojan.Smowbot may create the following file(s):
# File Name Detections
1. %System%\actxprxy.exe
2. %System%\admparse.exe

Registry Details

Trojan.Smowbot may create the following registry entry or registry entries:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\"%System%\actxprxy.exe" = "%System%\actxprxy.exe:*:Enabled:enable"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\FWCFG\"EnableFileTracing" = "0"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\FWCFG\"EnableConsoleTracing" = "0"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\NAP\Netsh\Napmontr\"Guid" = "710adbf0-ce88-40b4-a50d-231ada6593f0"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\qagent\"Active" = "1"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\NAP\Netsh\"ControlFlags" = "1"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\"%System%\admparse.exe" = "%System%\admparse.exe:*:Enabled:enable"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\FWCFG\"MaxFileSize" = "1048576"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\FWCFG\"ConsoleTracingMask" = "4294901760"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\NAP\Netsh\Napmontr\"BitNames" = "NAP_TRACE_BASE NAP_TRACE_NETSH"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\qagent\traceIdentifier\"Guid" = "b0278a28-76f1-4e15-b1df-14b209a12613"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\NAP\Netsh\"Active" = "1"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\"smwcore" = "%System%\admparse.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\FWCFG\"FileTracingMask" = "4294901760"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\FWCFG\"FileDirectory" = "%Windir%\tracing"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\NAP\Netsh\"LogSessionName" = "stdout"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\qagent\traceIdentifier\"BitNames" = "Error Unusual Info Debug"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\qagent\"ControlFlags" = "1"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\qagent\"LogSessionName" = "stdout"
