W32/Kryptik.AX!tr
W32/Kryptik.AX!tr is an FTP Trojan that is packed with UPX and, once unpacked, uses its own mechanisms to prevent emulation. It collects details of the FTP servers configured on a compromised host. W32/Kryptik.AX!tr looks for many well-known FTP applications, including 'Ghisler's Windows and Total Commander', 'Far FTP', 'GlobalSCAPE CuteFTP', 'WS_FTP' and 'FlashFXP'. It queries the Windows Registry for the path of either an .ini or .dat file, and it can also query registry subkeys for the actual host, username and password associated with the particular FTP client program. Where possible, W32/Kryptik.AX!tr also checks the ShSpecialFolder for the presence of known FTP client directories and then manually looks for both the .ini and .dat files. For CuteFTP, in addition to querying the Windows Registry, W32/Kryptik.AX!tr parses particular folders. W32/Kryptik.AX!tr is able to update itself and drop new versions, and it attempts to contact particular domains to drop updates.