New Description

New is a Trojan infection that PC security researchers first identified in 2007. This dangerous Trojan will often hide as a svchost.exe file process on the infected computer, making it difficult to identify in the Task Manager. The New Trojan is designed to disable native security software on the infected computer, which makes it difficult for inexperienced computer users to remove. However, ESG malware analysts report that simply starting up in Safe Mode will stop the New Trojan from being able to protect itself effectively. Then, it is simply a matter of using an updated anti-malware program to remove the New Trojan completely.

Effects Associated With the New Trojan

The New Trojan can cause several disruptions on the infected computer system. As part of New's installation process, New makes changes to the Windows Registry and to your system settings. It also disables certain native Windows processes and changes your Internet browser settings. The New Trojan is known to hijack Internet browsers in an effort to both protect itself and download other malware programs. This Trojan also attempts to connect to a remote server and constitutes a known risk to your privacy and your computer's security. The New Trojan is a notorious resource hog. The presence of the New Trojan on your computer will often result in general instability and decreased performance. Monitoring your file processes will often reveal a svchost.exe file process that is using an abnormally large amount of memory.

How the New Trojan Infects a Computer System

The New Trojan is associated with corrupted advertisements that exploit security issues in your Internet browser to force your computer to download and install malware. This is one reason why ESG malware analysts consider it a good idea to disable Flash and JavaScript for any websites that you do not visit regularly. Typical advertisements that may infect your computer with the New Trojan will offer to scan your computer system for malware or optimize your computer's performance. ESG PC security researchers strongly advise against falling for these scams; these advertisements are simply vehicles that deliver Trojan infections onto your computer. Any malware scans or computer optimization procedures should come directly from reputable computer security experts, never from a random advertisement. Other ways in which the New Trojan is spread include fake video codecs on adult video websites and spam email attachments.

Technical Information

File System Details

New creates the following file(s):
#  File Name                                  Detection Count
1  %AppData%\0bdfar.exe                       N/A
2  %AppData%\1x97n2jeb.exe                    N/A
3  %AppData%\jbpiclth.bat                     N/A
4  %Temp%\arp.bat                             N/A
5  %AppData%\MouseDriver.bat                  N/A
6  [file and pathname of the sample #1]       N/A

Registry Details

New creates the following registry entry or registry entries:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Plug Manager\Security
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ESENT\Process\[filename of the sample #1 without extension]
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Plug Manager
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Local Account Authority Service\Security
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ESENT\Process\[filename of the sample #1 without extension]\DEBUG
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Local Account Authority Service
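
The following PowerShell check is an added example, not part of the original report or any ESG tool. It looks for the file and registry indicators listed above and lists svchost.exe processes with their image path and memory use. The sample-specific placeholder entries are skipped, and treating any svchost.exe outside the Windows system directories as suspicious is an assumption made for this example, not a statement from the report.

```powershell
# Added example: sweep the current host for the indicators listed on this page.
# Run from an elevated prompt. %AppData% and %Temp% expand for the current user
# only, so repeat the check per profile on multi-user machines.
$filePaths = @(
    '%AppData%\0bdfar.exe',
    '%AppData%\1x97n2jeb.exe',
    '%AppData%\jbpiclth.bat',
    '%Temp%\arp.bat',
    '%AppData%\MouseDriver.bat'
)
# Parent service keys; their \Security subkeys from the list live beneath them.
$regKeys = @(
    'HKLM:\SYSTEM\ControlSet001\Services\Plug Manager',
    'HKLM:\SYSTEM\ControlSet001\Services\Local Account Authority Service'
)
$findings = @()

foreach ($p in $filePaths) {
    $full = [Environment]::ExpandEnvironmentVariables($p)
    if (Test-Path -LiteralPath $full -PathType Leaf) {
        $findings += [pscustomobject]@{ Type = 'File'; Indicator = $full }
    }
}
foreach ($k in $regKeys) {
    if (Test-Path -LiteralPath $k) {
        $findings += [pscustomobject]@{ Type = 'Registry'; Indicator = $k }
    }
}

# Assumption: a genuine svchost.exe image lives in System32 (or SysWOW64 on
# 64-bit Windows). ExecutablePath can be empty without elevation; those rows
# are shown for review but not flagged.
$legit = @("$env:SystemRoot\System32\svchost.exe", "$env:SystemRoot\SysWOW64\svchost.exe")
$svchosts = foreach ($proc in Get-CimInstance Win32_Process -Filter "Name = 'svchost.exe'") {
    $odd = $proc.ExecutablePath -and ($legit -notcontains $proc.ExecutablePath)
    if ($odd) {
        $findings += [pscustomobject]@{ Type = 'Process'; Indicator = "PID $($proc.ProcessId): $($proc.ExecutablePath)" }
    }
    [pscustomobject]@{
        PID          = $proc.ProcessId
        WorkingSetMB = [math]::Round($proc.WorkingSetSize / 1MB, 1)
        Path         = $proc.ExecutablePath
        Unexpected   = [bool]$odd
    }
}

# Highest memory use first, since the report mentions an abnormally large svchost.exe.
$svchosts | Sort-Object WorkingSetMB -Descending | Format-Table -AutoSize
if ($findings) { $findings | Format-Table -AutoSize } else { 'No listed indicators found.' }
```

An empty result only means these specific names are absent; it does not replace a scan with an updated anti-malware program.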