Bohu Trojan

By ZulaZuza in Trojans

Trojan.Bohu is a hazardous computer Trojan that masquerades as a video player to avoid anti-virus software. It was created primarily to disable cloud-based anti-virus software and its corresponding web-dependent service. Trojan.Bohu spreads via social networking websites, where download links to Trojan.Bohu and fake video playback programs are shared. It changes the web browser's cookies and displays many ads and unwanted websites, which may lead to further malware on your computer. Trojan.Bohu was made to look innocent, but it is intentionally built to carry out malicious activity or to provide a backdoor to your PC. Trojan.Bohu does not come alone: it requests and installs other malware without your consent. Remove Trojan.Bohu as soon as it is detected to eliminate it completely from your computer and keep your PC protected.

File System Details

Bohu Trojan may create the following file(s):
1. %System%\passthru.dll
2. %System%\siglow.dll
3. %System%\nethome32.dll
4. %ProgramFiles%baidu msfsg.exe
5. %System%\netplayone\netplayone.dll
6. %ProgramFiles%baidudsop7.xml
7. %ProgramFiles%baidu t0001.xml
8. %System%\netplayone\MyIEData\main.ini
9. %ProgramFiles%baidu s0001.xml
10. %System%\netplayone\MyIEData\SysDat.bin

Registry Details

Bohu Trojan may create the following registry entry or registry entries:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetHomeIDE
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000001\"PackedCatalogItem" = "%System%\netplayone\netplayone.dll"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\speednet_sph\"PathName" = "%System%\netplayone\netplayone.dll"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Passthru
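
The following read-only PowerShell check for the file and registry indicators listed above is an added example, not part of the original write-up or of any vendor tool. It assumes that %System% means %SystemRoot%\System32, checks only the %System% file paths, and goes slightly beyond the single catalog entry named above by scanning every Winsock catalog entry for the netplayone.dll provider.

```powershell
# Added example: read-only check for the Trojan.Bohu indicators listed on this page.
# Assumption: the page's %System% placeholder means %SystemRoot%\System32.
$sys = Join-Path $env:SystemRoot 'System32'

# File indicators copied from the page (the %System% entries only).
$files = @(
    'passthru.dll', 'siglow.dll', 'nethome32.dll',
    'netplayone\netplayone.dll',
    'netplayone\MyIEData\main.ini',
    'netplayone\MyIEData\SysDat.bin'
) | ForEach-Object { Join-Path $sys $_ }

# Service keys and the Winsock provider key named on the page.
$svc  = 'HKLM:\SYSTEM\CurrentControlSet\Services'
$keys = @("$svc\NetHomeIDE", "$svc\Passthru", "$svc\WinSock2\speednet_sph")

$hits = @()
$hits += @($files | Where-Object { Test-Path -LiteralPath $_ })
$hits += @($keys  | Where-Object { Test-Path -LiteralPath $_ })

# PackedCatalogItem is normally REG_BINARY with the provider DLL path stored as a
# NUL-terminated ANSI string at the start, so decode it before matching.
function Get-LspPath($value) {
    if ($value -is [byte[]]) {
        $end = [Array]::IndexOf($value, [byte]0)
        if ($end -lt 0) { $end = $value.Length }
        return [Text.Encoding]::ASCII.GetString($value, 0, $end)
    }
    return [string]$value
}

# Walk every Winsock catalog entry and flag any that loads netplayone.dll.
$catalog = "$svc\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries"
if (Test-Path -LiteralPath $catalog) {
    foreach ($entry in Get-ChildItem -LiteralPath $catalog) {
        $raw = (Get-ItemProperty -LiteralPath $entry.PSPath).PackedCatalogItem
        $dll = Get-LspPath $raw
        if ($dll -match 'netplayone\\netplayone\.dll') {
            $hits += "$($entry.Name) -> $dll"
        }
    }
}

if ($hits.Count) { $hits | ForEach-Object { "INDICATOR: $_" } }
else { 'No Trojan.Bohu indicators from this list were found.' }
```

On 64-bit Windows, files written by a 32-bit process to %System% land under SysWOW64, so the file check may also need to be run against that directory.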

2 Comments

Well explained, I appreciate you posting this. Very informative.

Thumbs up, this helps a lot for my thesis.
