Avira Virus Lab


  • Name
  • Date discovered
    Jul 17, 2017
  • Type
  • Impact
  • Reported Infections
  • Operating System
  • VDF version (2017-07-17 11:42)

Stay safe from all these threats with Avira Free Antivirus.

Avira Free Antivirus Download Free

The term 'TR' denotes a trojan horse that is able to spy out data, violate your privacy, or perform unwanted modifications to the system.

  • VDF (2017-07-17 11:42)
  • Files
    The following files are changed:
    • %temporary internet files%\Content.IE5\index.dat
    • %USERPROFILE%\Cookies\index.dat
    • %USERPROFILE%\Local Settings\History\History.IE5\index.dat
    • %SYSDIR%\wbem\Logs\wbemprox.log
    The following files are created:
    • %TEMPDIR%\cf67_appcompat.txt
  • Injections
    • %SYSDIR%\svchost.exe{<-\RPC Control\epmapper}
    • %SYSDIR%\lsass.exe{<-\LsaAuthenticationPort}
    • %SYSDIR%\svchost.exe{<-\RPC Control\DNSResolver}
    • %DISKDRIVE%\run\sample(8).exe{<-\RPC Control\OLE95F88E72585D4FBAB3BAF4590466}
    • %SYSDIR%\svchost.exe{<-\RPC Control\IcaApi}
  • Registry
    The following registry entries are added:
    • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg] "LogSessionName" = "stdout" "Active" = dword:00000001 "ControlFlags" = dword:00000001
    • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappcfg\traceIdentifier] "Guid" = "5f31090b-d990-4e91-b16d-46121d0255aa" "BitNames" = " Error Unusual Info Debug"
    • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy] "LogSessionName" = "stdout" "Active" = dword:00000001 "ControlFlags" = dword:00000001
    • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\eappprxy\traceIdentifier] "Guid" = "5f31090b-d990-4e91-b16d-46121d0255aa" "BitNames" = " Error Unusual Info Debug"
    • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil] "LogSessionName" = "stdout" "Active" = dword:00000001 "ControlFlags" = dword:00000001
    • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\QUtil\traceIdentifier] "Guid" = "8aefce96-4618-42ff-a057-3536aa78233e" "BitNames" = " Error Unusual Info Debug"
    The following registry entries are changed:
    • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ESENT\Process\sample(8)\DEBUG] "Trace Level" = ""
    • [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\ESENT] "EventMessageFile" = "%SYSDIR%\ESENT.dll" "CategoryMessageFile" = "%SYSDIR%\ESENT.dll" "CategoryCount" = dword:00000010 "TypesSupported" = dword:00000007

Help make the web safer by sending us suspicious files/URLs to analyze

Submit your file/URL or Go to support.avira.com

Why submit a suspicious file?

If you encountered a suspicious file or website that’s not in our database, we’ll analyze it and determine whether it’s harmful. Our findings are then pushed out to our millions of users with their next virus database update. If you have Avira, you’ll get that update too. Don’t have Avira? Get it on our homepage.