Home / malware Trojan.Ascesso.C
First posted on 05 August 2014.
Source: SymantecAliases :
There are no other names known for Trojan.Ascesso.C.
Explanation :
The Trojan may arrive through spam emails or may be dropped by the Nuclear Exploit Kit.
When the Trojan is executed, it creates the following files:
C:\Documents and Settings\[USER NAME]\[RANDOM NAME].exe%Temp%\[RANDOM NUMBER][RANDOM NUMBER][RANDOM NUMBER][RANDOM NUMBER].bat
The Trojan creates the following registry entry so that it runs every time Windows starts:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\"MSConfig" = "C:\Documents and Settings\[USER NAME]\[RANDOM NAME].exe"
The Trojan may perform the following actions:
Inject malicious code into the svchost.exe process to hide itself on the compromised computerConnect to 123.45.67.89 to download additional files or updatesSend spam emailsLast update 05 August 2014