Downloader.Liftoh is a Trojan that drops more malware infections onto the compromised PC. Once run, Downloader.Liftoh replicates itself to the specific location. Downloader.Liftoh creates the registry entry so that it can load automatically whenever you start Windows. Downloader.Liftoh encompasses an injected DLL file which is unpacked into memory. The DLL file can drop and run payloads or inject them into current processes. Downloader.Liftoh drops and runs malevolent files from the specific web addresses.

Technical Information

File System Details

Downloader.Liftoh creates the following file(s):
# File Name
1 %UserProfile%\Application Data\[RANDOM LETTERS].exe

Registry Details

Downloader.Liftoh creates the following registry entry or registry entries:
HKEY_CURRENT_USER\Software\[RANDOM LETTERS]\"CurrentPath111" "%WorkingDirectory%\%SampleName%"

Leave a Reply

Please DO NOT use this comment system for support or billing questions. For SpyHunter technical support requests, please contact our technical support team directly by opening a customer support ticket via your SpyHunter. For billing issues, please refer to our "Billing Questions or Problems?" page. For general inquiries (complaints, legal, press, marketing, copyright), visit our "Inquiries and Feedback" page.