Trojan Risk: icthis.exe Behavior Analysis
Windows Prompts:

Processes:
  Running as administrator: rmsink.exe, rundll32.exe(#2), googletalk.exe, DVDLAu~1.exe, dmremote.exe, cvpnd.exe, CnxDslTb.exe, Apoint.exe, ApntEx.exe, ISUSPM.exe
  Local service: scardsvr.exe, wdfmgr.exe

Registry Keys Modified:
  New Run keys:
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run + C:\Program Files\Video Add-on\icthis.exe
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run + C:\Program Files\Apoint\Apoint.exe
    HKCU\Software\Microsoft\Windows\CurrentVersion\Run + "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler

Machine Level Run Keys:
  C:\>reg query HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /s

  ! REG.EXE VERSION 3.0

  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
      Apoint    REG_SZ    C:\Program Files\Apoint\Apoint.exe
      DellTouch    REG_SZ    C:\WINNT\MMKeybd.exe
      BluetoothAuthenticationAgent    REG_SZ    rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
      ccApp    REG_SZ    "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
      vptray    REG_SZ    C:\PROGRA~1\SYMANT~1\VPTray.exe
      QuickTime Task    REG_SZ    "C:\PROGRA~1\QUICKT~1\qttask.exe" -atboottime
      CnxDslTaskBar    REG_SZ    "C:\Program Files\BIPAC-7000 ADSL USB Modem\CnxDslTb.exe"
      SigmatelSysTrayApp    REG_SZ    stsystra.exe
      NvCplDaemon    REG_SZ    RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
      nwiz    REG_SZ    nwiz.exe /installquiet
  […]