Threat Database Trojans Trojan.Castov


By JubileeX in Trojans

Threat Scorecard

Ranking: 5,736
Threat Level: 10 % (Normal)
Infected Computers: 9,618
First Seen: May 28, 2013
Last Seen: September 19, 2023
OS(es) Affected: Windows

Trojan.Castov is a Trojan that opens a back door on the corrupted PC and may distribute and install other malware infections. Trojan.Castov is distributed by another malware infection. Trojan.Castdos may deliver other malware infections from hijacked webmails. Trojan.Castov downloads and installs system libraries with various names. Trojan.Castov makes modifications to the Windows Registry so that it can load automatically whenever the computer user starts Windows.

File System Details

Trojan.Castov may create the following file(s):
# File Name Detections
1. %System%\wuauieop.exe
2. %System%\ole[RANDOM LETTERS].dll
3. %Windir%\Temp\~MR[RANDOM NUMBER].tmp

Registry Details

Trojan.Castov may create the following registry entry or registry entries:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WZCSVCSvc\Security\"Security" = 72080136442216448
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WZCSVCSvc\"DisplayName" = "WZCSVCSvc"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WZCSVCSvc\"ErrorControl" = 1
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WZCSVCSvc\Parameters\"ServiceDll" = "%SystemRoot%\System32\olewzcsvc.dll"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WZCSVCSvc\"ImagePath" = "%SystemRoot%\System32\svchost.exe -k netsvcs"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WZCSVCSvc\Parameters\"ServiceMain" = "RoutineMain"


Trojan.Castov may call the following URLs:


Most Viewed