Trojan:MSIL/Parpwuts.B


By LoneStar in Trojans

Trojan:MSIL/Parpwuts.B is a Trojan that shows advertising or pornographic websites on the corrupted PC. Trojan:MSIL/Parpwuts.B may pose as a genuine driver or update for a keyboard. While being installed on the affected computer, Trojan:MSIL/Parpwuts.B makes system changes by downloading malevolent files and modifying the Windows Registry. Trojan:MSIL/Parpwuts.B modifies the registry entry so that it can run its copy whenever Windows is started.

File System Details

Trojan:MSIL/Parpwuts.B may create the following file(s):
# File Name Detections
1. %HOMEPATH%\Administrator\drivers\explorer.exe
2. %HOMEPATH%\Administrator\drivers\iexplorer.exe

Registry Details

Trojan:MSIL/Parpwuts.B may create the following registry entry or registry entries:
HKEY_LOCAL_MACHINE\SYSTEM\Software\Microsoft\Windows\CurrentVersion\Run "Windows Explorer" = "%HOMEPATH%\Administrator\drivers\[malware file]"
HKEY_LOCAL_MACHINE\SYSTEM\Software\Microsoft\Windows\CurrentVersion\Run "Windows Explorer" = "%HOMEPATH%\Administrator\drivers\[malware file]", for example "explorer.exe"
HKEY_LOCAL_MACHINE\SYSTEM\Software\Microsoft\Windows\CurrentVersion\Run "[RANDOM VALUE]", for example "M0UxOTBDNkYQwErTaSdFg" = "%HOMEPATH%\Administrator\[malware file]"


