Need help? Ask the community or hire an expert.
Go to Avira Answers
Date discovered:04/02/2013
In the wild:No
Reported Infections:Low
Distribution Potential:Low
Damage Potential:Low
File size:95232 Bytes
MD5 checksum:eb50ef8d56fc185d34b8f5edf864e97e
VDF version:
IVDF version:

 General Method of propagation:
   • No own spreading routine

   •  Bitdefender: Trojan.Generic.KDV.889778
   •  Eset: Win32/Trustezeb.C trojan
   •  Norman: W32/Kryptik.QIV

Platforms / OS:
   • Windows 2000
   • Windows XP
   • Windows 2003
   • Windows Vista
   • Windows Server 2008
   • Windows 7

Side effects:
   • Drops files
   • Registry modification

 Files It copies itself to the following location:
   • %temp%\%10 digit random character string% .pre

The following files are created:

– Non malicious files:
   • %temp%\WERa791.dir00\explorer.exe.mdmp
   • %temp%\WERa791.dir00\explorer.exe.hdmp
   • %temp%\WERa791.dir00\appcompat.txt
   • %temp%\WERa791.dir00\manifest.txt

 Registry One of the following values is added in order to run the process after reboot:

–  [HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
   • "tnnklyek"="%temp%\\%random character string%\\%10 digit random character string% .exe"

 Injection     All of the following processes:
   • %WINDIR%\explorer.exe
   • %SYSDIR%\svchost.exe

Description inserted by Wensin Lee on Sunday, March 10, 2013
Description updated by Wensin Lee on Monday, March 11, 2013

Back . . . .