
Trojan:Win32/Mvpaten.A


First posted on 08 June 2010.
Source: SecurityHome

Aliases :

There are no other names known for Trojan:Win32/Mvpaten.A.

Explanation :

Trojan:Win32/Mvpaten.A is a trojan that runs other malware components installed along with it.

Installation

When run, depending on the parameter given, Trojan:Win32/Mvpaten.A first traverses the following registry keys:

  • HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall
  • HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall

In these keys, it looks for the following strings, which are related to security software, in the keys' DisplayName registry values:

  • avast
  • avira
  • nod32
  • kaspersky
  • norton
  • mcafee
  • trend micro
  • comodo

If none are found, Trojan:Win32/Mvpaten.A copies and runs itself as "netset.exe" in the current folder.

Payload

Executes other components

Trojan:Win32/Mvpaten.A reads in the contents of another file named "plang.enu", presumably another component of this malware, and writes it as either "ntsd.tmp" or "pdat<3 random digits>.tmp".

Removes traces of itself

Trojan:Win32/Mvpaten.A deletes traces or files created by it during the process, which may include the following:

  • dtnet.exe
  • dtnet.dat
  • plang.enu
  • dsten.log

It also tries to remove the following registry value, if found:

Value: "netset"
In subkey: HKLM\Software\Microsoft\Windows\CurrentVersion\Run
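
The file names and Run value described above can be turned into a simple triage check. The following is an added example, not part of the original write-up: it matches a file inventory and an exported set of Run-key values against those names, and the function names and sample data are constructed for illustration.

```python
import re
from pathlib import PureWindowsPath

# File names taken from the write-up above (matched case-insensitively).
ARTIFACT_NAMES = {"netset.exe", "plang.enu", "ntsd.tmp",
                  "dtnet.exe", "dtnet.dat", "dsten.log"}
# "pdat<3 random digits>.tmp" as described in the write-up.
PDAT_TMP = re.compile(r"pdat\d{3}\.tmp", re.IGNORECASE)
RUN_VALUE = "netset"  # value name under HKLM\...\CurrentVersion\Run


def match_files(paths):
    """Return the paths whose file name matches a listed artifact."""
    hits = []
    for p in paths:
        name = PureWindowsPath(p).name.lower()
        if name in ARTIFACT_NAMES or PDAT_TMP.fullmatch(name):
            hits.append(p)
    return hits


def match_run_values(run_values):
    """Return (name, data) pairs from a Run-key export named 'netset'."""
    return [(n, d) for n, d in run_values.items() if n.lower() == RUN_VALUE]


def triage(paths, run_values):
    """Group file hits by folder; several artifacts together is a stronger signal."""
    by_folder = {}
    for p in match_files(paths):
        folder = str(PureWindowsPath(p).parent).lower()
        by_folder.setdefault(folder, []).append(p)
    return {"run_values": match_run_values(run_values), "folders": by_folder}


# Constructed sample inventory (hypothetical paths, not from a real host).
SAMPLE_PATHS = [
    r"C:\Users\alice\AppData\Local\Temp\netset.exe",
    r"C:\Users\alice\AppData\Local\Temp\plang.enu",
    r"C:\Users\alice\AppData\Local\Temp\pdat042.tmp",
    r"C:\Users\alice\AppData\Local\Temp\pdat4242.tmp",  # four digits: no match
    r"C:\Tools\netsetup.exe",                           # different name: no match
]
SAMPLE_RUN = {"netset": r"C:\Users\alice\AppData\Local\Temp\netset.exe",
              "ExampleUpdater": r"C:\Program Files\Example\updater.exe"}

if __name__ == "__main__":
    print(triage(SAMPLE_PATHS, SAMPLE_RUN))
```

Name matches alone are weak evidence, and because the trojan deletes several of these files and the Run value itself, an empty result does not rule out infection.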

    Analysis by Jireh Sanico

    Last update 08 June 2010

     
