Win32/Rustock

Win32/Rustock is a Trojan that downloads corrupt files to the local computer, which may be a security risk. Win32/Rustock installs a default debugger that is injected into the execution sequence of a target program. A threat installed as a default debugger runs each time the compromised program is started, either to imitate that program and hide its own presence (for instance, an open port or a running process) or simply to be activated as often as possible. Remove Win32/Rustock before it allows other malware onto the system.

File System Details

Win32/Rustock may create the following file(s):
1. %Windir%\xpdx.sys
2. %Windir%\lzx32.sys
3. %Windir%\braviax.exe
4. secure32.html

Registry Details

Win32/Rustock may create the following registry entry or registry entries:
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0CB66BA8-5E1F-4963-93D1-E1D6B78FE9A2}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0CB66BA8-5E1F-4963-93D1-E1D6B78FE9A2}
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
HKEY_CLASSES_ROOT\TypeLib\{A8954909-1F0F-41A5-A7FA-3B376D69E226}
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN "braviax.exe"
HKEY_CLASSES_ROOT\CLSID\{0CB66BA8-5E1F-4963-93D1-E1D6B78FE9A2}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{A8954909-1F0F-41A5-A7FA-3B376D69E226}
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0CB66BA8-5E1F-4963-93D1-E1D6B78FE9A2}
