Home / malwarePDF  

Trojan:Win32/Wysotot.D


First posted on 24 January 2014.
Source: Microsoft

Aliases :

There are no other names known for Trojan:Win32/Wysotot.D.

Explanation :

Threat behavior Trojan:Win32/Wysotot.D is a malicious program that is unable to spread of its own accord. It may perform a number of actions of an attacker's choice on an affected computer.

Installation

Trojan:Win32/Wysotot.D creates the following files on your PC:

  • %programfiles%\my toolbar\alxssbps.dll
  • %programfiles%\my toolbar\atbptoolbar.1.0.dll
  • %programfiles%\my toolbar\atbptoolbar.1.0.uninstall.exe
  • %programfiles%\my toolbar\atbptoolbarssb.1.0.dll
  • c:\documents and settings\administrator\application data\yandex\1.reg
  • c:\documents and settings\administrator\application data\yandex\g.exe
  • c:\documents and settings\administrator\application data\yandex\i.exe
  • c:\documents and settings\administrator\application data\yandex\setup.exe
  • c:\documents and settings\administrator\application data\yandex\sil.reg
  • c:\documents and settings\administrator\application data\yandex\w.exe
  • c:\documents and settings\administrator\local settings\application data\alexa\atbpg-6pxzqf-1.2.crx
  • c:\documents and settings\administrator\local settings\temp\nsbc.tmp
  • c:\documents and settings\administrator\local settings\temp\nsc8.tmp
  • c:\documents and settings\administrator\local settings\temp\nspa.tmp
  • c:\documents and settings\administrator\local settings\temp\is-bc0l4.tmp\issproc.dll
  • c:\documents and settings\administrator\local settings\temp\is-bc0l4.tmp\isxdl.dll
  • c:\documents and settings\administrator\local settings\temp\is-bc0l4.tmp\_isetup\_shfoldr.dll
  • c:\documents and settings\administrator\local settings\temp\is-dul5r.tmp\w.tmp
  • c:\documents and settings\administrator\local settings\temp\nsbd.tmp\toolbarplatform.dll


Payload

Contacts remote host
Trojan:Win32/Wysotot.D might contact a remote host at s3.amazonaws.com using port 443. Commonly, malware does this to:
  • Report a new infection to its author
  • Receive configuration or other data
  • Download and run files, including updates or other malware
  • Receive instructions from a remote hacker
  • Upload data taken from your PC

This malware description was produced and published using automated analysis of file SHA1 316afc25ffafdfc19949cc9487ad1a8eedd840ae.Symptoms

System changes

The following could indicate that you have this threat on your PC:

  • You have these files:

    %programfiles%\my toolbar\alxssbps.dll
    %programfiles%\my toolbar\atbptoolbar.1.0.dll
    %programfiles%\my toolbar\atbptoolbar.1.0.uninstall.exe
    %programfiles%\my toolbar\atbptoolbarssb.1.0.dll
    c:\documents and settings\administrator\application data\yandex\1.reg
    c:\documents and settings\administrator\application data\yandex\g.exe
    c:\documents and settings\administrator\application data\yandex\i.exe
    c:\documents and settings\administrator\application data\yandex\setup.exe
    c:\documents and settings\administrator\application data\yandex\sil.reg
    c:\documents and settings\administrator\application data\yandex\w.exe
    c:\documents and settings\administrator\local settings\application data\alexa\atbpg-6pxzqf-1.2.crx
    c:\documents and settings\administrator\local settings\temp\nsbc.tmp
    c:\documents and settings\administrator\local settings\temp\nsc8.tmp
    c:\documents and settings\administrator\local settings\temp\nspa.tmp
    c:\documents and settings\administrator\local settings\temp\is-bc0l4.tmp\issproc.dll
    c:\documents and settings\administrator\local settings\temp\is-bc0l4.tmp\isxdl.dll
    c:\documents and settings\administrator\local settings\temp\is-bc0l4.tmp\_isetup\_shfoldr.dll
    c:\documents and settings\administrator\local settings\temp\is-dul5r.tmp\w.tmp
    c:\documents and settings\administrator\local settings\temp\nsbd.tmp\toolbarplatform.dll

Last update 24 January 2014

 

TOP

Malware :

Family: