Virus: TR/Proxy.Lager.AQ.1
Date discovered: 21/03/2006
Type: Trojan
In the wild: No
Reported Infections: Low
Distribution Potential: Low
Damage Potential: Low
Static file: Yes
File size: 4.608 Bytes
MD5 checksum: f3d0c43986004a77e4b3425ac7b780a5
VDF version: 6.34.00.79

General Method of propagation:
   • No own spreading routine


Platforms / OS:
   • Windows NT
   • Windows 2000
   • Windows XP
   • Windows 2003

Rootkit Technology

This is a malware-specific technology. The malware hides its presence from system utilities, security applications and, in the end, from the user.


Hides the following:

– Files that contain the following substring in their filename:
   • taskdir

– Processes that contain the following substring in their names:
   • taskdir

– Registry values that contain the following substring:
   • taskdir


Method used:
   • Hidden from Windows API

Hooks the following API functions:
   • NtQuerySystemInformation
   • NtEnumerateValueKey
   • NtQueryDirectoryFile

Description inserted by Andrei Gherman on Tuesday, April 4, 2006
Description updated by Andrei Gherman on Friday, April 7, 2006
