TROJ_BUZUS.CAC


 ALIASES:

Worm:Win32/Prolaco.gen!C (Microsoft); W32/Palack.worm (McAfee); W32.Ackantta@mm (Symantec); Trojan.Win32.Buzus.csea (Kaspersky); Worm.Win32.Prolaco.gen (v) (Sunbelt)

 PLATFORM:

Windows 2000, Windows XP, Windows Server 2003

 OVERALL RISK RATING:
 DAMAGE POTENTIAL:
 DISTRIBUTION POTENTIAL:
 REPORTED INFECTION:

  • Threat Type: Trojan

  • Destructiveness: No

  • Encrypted:

  • In the wild: Yes

  OVERVIEW


This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.

  TECHNICAL DETAILS

File Size:

313,344 bytes

File Type:

EXE

Memory Resident:

Yes

Initial Samples Received Date:

11 Oct 2012

Arrival Details

This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.

Installation

This Trojan drops the following copies of itself into the affected system. Apart from %System%\wdfmngr.exe, the copies are written into the default shared folders of several peer-to-peer clients (ICQ, Grokster, eMule, Morpheus, LimeWire, Tesla, WinMX) and into %System Root%\Downloads, under file names that pose as cracks, keygens and pirated installers:

  • %System%\wdfmngr.exe
  • %Program Files%\icq\shared folder\K-Lite codec pack 4.0 gold.exe
  • %Program Files%\icq\shared folder\Youtube Music Downloader 1.0.exe
  • %Program Files%\icq\shared folder\Windows 2008 Enterprise Server VMWare Virtual Machine.exe
  • %Program Files%\icq\shared folder\K-Lite codec pack 3.10 full.exe
  • %Program Files%\icq\shared folder\Adobe Acrobat Reader keygen.exe
  • %Program Files%\icq\shared folder\Adobe Photoshop CS4 crack.exe
  • %Program Files%\icq\shared folder\VmWare keygen.exe
  • %Program Files%\icq\shared folder\WinRAR v3.x keygen RaZoR.exe
  • %Program Files%\icq\shared folder\CheckPoint ZoneAlarm And AntiSpy.exe
  • %Program Files%\icq\shared folder\Sony Vegas Pro 8 0b Build 219.exe
  • %Program Files%\icq\shared folder\AnyDVD HD v.6.3.1.8 Beta incl crack.exe
  • %Program Files%\icq\shared folder\Ad-aware 2009.exe
  • %Program Files%\icq\shared folder\BitDefender AntiVirus 2009 Keygen.exe
  • %Program Files%\icq\shared folder\Norton Anti-Virus 2009 Enterprise Crack.exe
  • %Program Files%\icq\shared folder\Ultimate ring tones package1 (Beethoven,Bach, Baris Manco,Lambada,Chopin, Greensleves).exe
  • %Program Files%\icq\shared folder\Ultimate ring tones package2 (Lil Wayne - Way Of Life,Khia - My Neck My Back Like My Pussy And My Crack,Mario - Let Me Love You,R. Kelly - The Worlds Greatest).exe
  • %Program Files%\icq\shared folder\Ultimate ring tones package3 (Crazy In Love, U Got It Bad, 50 Cent - P.I.M.P, Jennifer Lopez Feat. Ll Cool J - All I Have, 50 Cent - 21 Question).exe
  • %Program Files%\icq\shared folder\Microsoft Office 2007 Home and Student keygen.exe
  • %Program Files%\icq\shared folder\Total Commander7 license+keygen.exe
  • %Program Files%\icq\shared folder\LimeWire Pro v4.18.3.exe
  • %Program Files%\icq\shared folder\Download Accelerator Plus v8.7.5.exe
  • %Program Files%\icq\shared folder\Opera 9.62 International.exe
  • %Program Files%\icq\shared folder\Internet Download Manager V5.exe
  • %Program Files%\icq\shared folder\Myspace theme collection.exe
  • %Program Files%\icq\shared folder\Nero 9 9.2.6.0 keygen.exe
  • %Program Files%\icq\shared folder\Motorola, nokia, ericsson mobil phone tools.exe
  • %Program Files%\icq\shared folder\Smart Draw 2008 keygen.exe
  • %Program Files%\icq\shared folder\Microsoft Visual Studio 2008 KeyGen.exe
  • %Program Files%\icq\shared folder\Absolute Video Converter 6.2.exe
  • %Program Files%\icq\shared folder\Daemon Tools Pro 4.11.exe
  • %Program Files%\icq\shared folder\Download Boost 2.0.exe
  • %Program Files%\icq\shared folder\Avast 4.8 Professional.exe
  • %Program Files%\icq\shared folder\Grand Theft Auto IV (Offline Activation).exe
  • %Program Files%\icq\shared folder\Alcohol 120 v1.9.7.exe
  • %Program Files%\icq\shared folder\CleanMyPC Registry Cleaner v6.02.exe
  • %Program Files%\icq\shared folder\Super Utilities Pro 2009 11.0.exe
  • %Program Files%\icq\shared folder\Power ISO v4.2 + keygen axxo.exe
  • %Program Files%\icq\shared folder\G-Force Platinum v3.7.5.exe
  • %Program Files%\icq\shared folder\Divx Pro 6.8.0.19 + keymaker.exe
  • %Program Files%\icq\shared folder\Perfect keylogger family edition with crack.exe
  • %Program Files%\icq\shared folder\Magic Video Converter 8 0 2 18.exe
  • %Program Files%\icq\shared folder\Google Earth Pro 4.2. with Maps and crack.exe
  • %Program Files%\icq\shared folder\AVS video converter6.exe
  • %Program Files%\icq\shared folder\Sophos antivirus updater bypass.exe
  • %Program Files%\icq\shared folder\DVD Tools Nero 9 2 6 0.exe
  • %Program Files%\icq\shared folder\Winamp.Pro.v6.53.PowerPack.Portable+installer.exe
  • %Program Files%\icq\shared folder\PDF password remover (works with all acrobat reader).exe
  • %Program Files%\icq\shared folder\Microsoft.Windows 7 Beta1 Build 7000 x86.exe
  • %Program Files%\icq\shared folder\Windows2008 keygen and activator.exe
  • %Program Files%\icq\shared folder\Tuneup Ultilities 2008.exe
  • %Program Files%\icq\shared folder\Kaspersky Internet Security 2009 keygen.exe
  • %Program Files%\icq\shared folder\Windows XP PRO Corp SP3 valid-key generator.exe
  • %Program Files%\grokster\my grokster\K-Lite codec pack 4.0 gold.exe
  • %Program Files%\grokster\my grokster\Youtube Music Downloader 1.0.exe
  • %Program Files%\grokster\my grokster\Windows 2008 Enterprise Server VMWare Virtual Machine.exe
  • %Program Files%\grokster\my grokster\K-Lite codec pack 3.10 full.exe
  • %Program Files%\grokster\my grokster\Adobe Acrobat Reader keygen.exe
  • %Program Files%\grokster\my grokster\Adobe Photoshop CS4 crack.exe
  • %Program Files%\grokster\my grokster\VmWare keygen.exe
  • %Program Files%\grokster\my grokster\WinRAR v3.x keygen RaZoR.exe
  • %Program Files%\grokster\my grokster\CheckPoint ZoneAlarm And AntiSpy.exe
  • %Program Files%\grokster\my grokster\Sony Vegas Pro 8 0b Build 219.exe
  • %Program Files%\grokster\my grokster\AnyDVD HD v.6.3.1.8 Beta incl crack.exe
  • %Program Files%\grokster\my grokster\Ad-aware 2009.exe
  • %Program Files%\grokster\my grokster\BitDefender AntiVirus 2009 Keygen.exe
  • %Program Files%\grokster\my grokster\Norton Anti-Virus 2009 Enterprise Crack.exe
  • %Program Files%\grokster\my grokster\Ultimate ring tones package1 (Beethoven,Bach, Baris Manco,Lambada,Chopin, Greensleves).exe
  • %Program Files%\grokster\my grokster\Ultimate ring tones package2 (Lil Wayne - Way Of Life,Khia - My Neck My Back Like My Pussy And My Crack,Mario - Let Me Love You,R. Kelly - The Worlds Greatest).exe
  • %Program Files%\grokster\my grokster\Ultimate ring tones package3 (Crazy In Love, U Got It Bad, 50 Cent - P.I.M.P, Jennifer Lopez Feat. Ll Cool J - All I Have, 50 Cent - 21 Question).exe
  • %Program Files%\grokster\my grokster\Microsoft Office 2007 Home and Student keygen.exe
  • %Program Files%\grokster\my grokster\Total Commander7 license+keygen.exe
  • %Program Files%\grokster\my grokster\LimeWire Pro v4.18.3.exe
  • %Program Files%\grokster\my grokster\Download Accelerator Plus v8.7.5.exe
  • %Program Files%\grokster\my grokster\Opera 9.62 International.exe
  • %Program Files%\grokster\my grokster\Internet Download Manager V5.exe
  • %Program Files%\grokster\my grokster\Myspace theme collection.exe
  • %Program Files%\grokster\my grokster\Nero 9 9.2.6.0 keygen.exe
  • %Program Files%\grokster\my grokster\Motorola, nokia, ericsson mobil phone tools.exe
  • %Program Files%\grokster\my grokster\Smart Draw 2008 keygen.exe
  • %Program Files%\grokster\my grokster\Microsoft Visual Studio 2008 KeyGen.exe
  • %Program Files%\grokster\my grokster\Absolute Video Converter 6.2.exe
  • %Program Files%\grokster\my grokster\Daemon Tools Pro 4.11.exe
  • %Program Files%\grokster\my grokster\Download Boost 2.0.exe
  • %Program Files%\grokster\my grokster\Avast 4.8 Professional.exe
  • %Program Files%\grokster\my grokster\Grand Theft Auto IV (Offline Activation).exe
  • %Program Files%\grokster\my grokster\Alcohol 120 v1.9.7.exe
  • %Program Files%\grokster\my grokster\CleanMyPC Registry Cleaner v6.02.exe
  • %Program Files%\grokster\my grokster\Super Utilities Pro 2009 11.0.exe
  • %Program Files%\grokster\my grokster\Power ISO v4.2 + keygen axxo.exe
  • %Program Files%\grokster\my grokster\G-Force Platinum v3.7.5.exe
  • %Program Files%\grokster\my grokster\Divx Pro 6.8.0.19 + keymaker.exe
  • %Program Files%\grokster\my grokster\Perfect keylogger family edition with crack.exe
  • %Program Files%\grokster\my grokster\Magic Video Converter 8 0 2 18.exe
  • %Program Files%\grokster\my grokster\Google Earth Pro 4.2. with Maps and crack.exe
  • %Program Files%\grokster\my grokster\AVS video converter6.exe
  • %Program Files%\grokster\my grokster\Sophos antivirus updater bypass.exe
  • %Program Files%\grokster\my grokster\DVD Tools Nero 9 2 6 0.exe
  • %Program Files%\grokster\my grokster\Winamp.Pro.v6.53.PowerPack.Portable+installer.exe
  • %Program Files%\grokster\my grokster\PDF password remover (works with all acrobat reader).exe
  • %Program Files%\grokster\my grokster\Microsoft.Windows 7 Beta1 Build 7000 x86.exe
  • %Program Files%\grokster\my grokster\Windows2008 keygen and activator.exe
  • %Program Files%\grokster\my grokster\Tuneup Ultilities 2008.exe
  • %Program Files%\grokster\my grokster\Kaspersky Internet Security 2009 keygen.exe
  • %Program Files%\grokster\my grokster\Windows XP PRO Corp SP3 valid-key generator.exe
  • %Program Files%\emule\incoming\K-Lite codec pack 4.0 gold.exe
  • %Program Files%\emule\incoming\Youtube Music Downloader 1.0.exe
  • %Program Files%\emule\incoming\Windows 2008 Enterprise Server VMWare Virtual Machine.exe
  • %Program Files%\emule\incoming\K-Lite codec pack 3.10 full.exe
  • %Program Files%\emule\incoming\Adobe Acrobat Reader keygen.exe
  • %Program Files%\emule\incoming\Adobe Photoshop CS4 crack.exe
  • %Program Files%\emule\incoming\VmWare keygen.exe
  • %Program Files%\emule\incoming\WinRAR v3.x keygen RaZoR.exe
  • %Program Files%\emule\incoming\CheckPoint ZoneAlarm And AntiSpy.exe
  • %Program Files%\emule\incoming\Sony Vegas Pro 8 0b Build 219.exe
  • %Program Files%\emule\incoming\AnyDVD HD v.6.3.1.8 Beta incl crack.exe
  • %Program Files%\emule\incoming\Ad-aware 2009.exe
  • %Program Files%\emule\incoming\BitDefender AntiVirus 2009 Keygen.exe
  • %Program Files%\emule\incoming\Norton Anti-Virus 2009 Enterprise Crack.exe
  • %Program Files%\emule\incoming\Ultimate ring tones package1 (Beethoven,Bach, Baris Manco,Lambada,Chopin, Greensleves).exe
  • %Program Files%\emule\incoming\Ultimate ring tones package2 (Lil Wayne - Way Of Life,Khia - My Neck My Back Like My Pussy And My Crack,Mario - Let Me Love You,R. Kelly - The Worlds Greatest).exe
  • %Program Files%\emule\incoming\Ultimate ring tones package3 (Crazy In Love, U Got It Bad, 50 Cent - P.I.M.P, Jennifer Lopez Feat. Ll Cool J - All I Have, 50 Cent - 21 Question).exe
  • %Program Files%\emule\incoming\Microsoft Office 2007 Home and Student keygen.exe
  • %Program Files%\emule\incoming\Total Commander7 license+keygen.exe
  • %Program Files%\emule\incoming\LimeWire Pro v4.18.3.exe
  • %Program Files%\emule\incoming\Download Accelerator Plus v8.7.5.exe
  • %Program Files%\emule\incoming\Opera 9.62 International.exe
  • %Program Files%\emule\incoming\Internet Download Manager V5.exe
  • %Program Files%\emule\incoming\Myspace theme collection.exe
  • %Program Files%\emule\incoming\Nero 9 9.2.6.0 keygen.exe
  • %Program Files%\emule\incoming\Motorola, nokia, ericsson mobil phone tools.exe
  • %Program Files%\emule\incoming\Smart Draw 2008 keygen.exe
  • %Program Files%\emule\incoming\Microsoft Visual Studio 2008 KeyGen.exe
  • %Program Files%\emule\incoming\Absolute Video Converter 6.2.exe
  • %Program Files%\emule\incoming\Daemon Tools Pro 4.11.exe
  • %Program Files%\emule\incoming\Download Boost 2.0.exe
  • %Program Files%\emule\incoming\Avast 4.8 Professional.exe
  • %Program Files%\emule\incoming\Grand Theft Auto IV (Offline Activation).exe
  • %Program Files%\emule\incoming\Alcohol 120 v1.9.7.exe
  • %Program Files%\emule\incoming\CleanMyPC Registry Cleaner v6.02.exe
  • %Program Files%\emule\incoming\Super Utilities Pro 2009 11.0.exe
  • %Program Files%\emule\incoming\Power ISO v4.2 + keygen axxo.exe
  • %Program Files%\emule\incoming\G-Force Platinum v3.7.5.exe
  • %Program Files%\emule\incoming\Divx Pro 6.8.0.19 + keymaker.exe
  • %Program Files%\emule\incoming\Perfect keylogger family edition with crack.exe
  • %Program Files%\emule\incoming\Magic Video Converter 8 0 2 18.exe
  • %Program Files%\emule\incoming\Google Earth Pro 4.2. with Maps and crack.exe
  • %Program Files%\emule\incoming\AVS video converter6.exe
  • %Program Files%\emule\incoming\Sophos antivirus updater bypass.exe
  • %Program Files%\emule\incoming\DVD Tools Nero 9 2 6 0.exe
  • %Program Files%\emule\incoming\Winamp.Pro.v6.53.PowerPack.Portable+installer.exe
  • %Program Files%\emule\incoming\PDF password remover (works with all acrobat reader).exe
  • %Program Files%\emule\incoming\Microsoft.Windows 7 Beta1 Build 7000 x86.exe
  • %Program Files%\emule\incoming\Windows2008 keygen and activator.exe
  • %Program Files%\emule\incoming\Tuneup Ultilities 2008.exe
  • %Program Files%\emule\incoming\Kaspersky Internet Security 2009 keygen.exe
  • %Program Files%\emule\incoming\Windows XP PRO Corp SP3 valid-key generator.exe
  • %Program Files%\morpheus\my shared folder\K-Lite codec pack 4.0 gold.exe
  • %Program Files%\morpheus\my shared folder\Youtube Music Downloader 1.0.exe
  • %Program Files%\morpheus\my shared folder\Windows 2008 Enterprise Server VMWare Virtual Machine.exe
  • %Program Files%\morpheus\my shared folder\K-Lite codec pack 3.10 full.exe
  • %Program Files%\morpheus\my shared folder\Adobe Acrobat Reader keygen.exe
  • %Program Files%\morpheus\my shared folder\Adobe Photoshop CS4 crack.exe
  • %Program Files%\morpheus\my shared folder\VmWare keygen.exe
  • %Program Files%\morpheus\my shared folder\WinRAR v3.x keygen RaZoR.exe
  • %Program Files%\morpheus\my shared folder\CheckPoint ZoneAlarm And AntiSpy.exe
  • %Program Files%\morpheus\my shared folder\Sony Vegas Pro 8 0b Build 219.exe
  • %Program Files%\morpheus\my shared folder\AnyDVD HD v.6.3.1.8 Beta incl crack.exe
  • %Program Files%\morpheus\my shared folder\Ad-aware 2009.exe
  • %Program Files%\morpheus\my shared folder\BitDefender AntiVirus 2009 Keygen.exe
  • %Program Files%\morpheus\my shared folder\Norton Anti-Virus 2009 Enterprise Crack.exe
  • %Program Files%\morpheus\my shared folder\Ultimate ring tones package1 (Beethoven,Bach, Baris Manco,Lambada,Chopin, Greensleves).exe
  • %Program Files%\morpheus\my shared folder\Ultimate ring tones package2 (Lil Wayne - Way Of Life,Khia - My Neck My Back Like My Pussy And My Crack,Mario - Let Me Love You,R. Kelly - The Worlds Greatest).exe
  • %Program Files%\morpheus\my shared folder\Ultimate ring tones package3 (Crazy In Love, U Got It Bad, 50 Cent - P.I.M.P, Jennifer Lopez Feat. Ll Cool J - All I Have, 50 Cent - 21 Question).exe
  • %Program Files%\morpheus\my shared folder\Microsoft Office 2007 Home and Student keygen.exe
  • %Program Files%\morpheus\my shared folder\Total Commander7 license+keygen.exe
  • %Program Files%\morpheus\my shared folder\LimeWire Pro v4.18.3.exe
  • %Program Files%\morpheus\my shared folder\Download Accelerator Plus v8.7.5.exe
  • %Program Files%\morpheus\my shared folder\Opera 9.62 International.exe
  • %Program Files%\morpheus\my shared folder\Internet Download Manager V5.exe
  • %Program Files%\morpheus\my shared folder\Myspace theme collection.exe
  • %Program Files%\morpheus\my shared folder\Nero 9 9.2.6.0 keygen.exe
  • %Program Files%\morpheus\my shared folder\Motorola, nokia, ericsson mobil phone tools.exe
  • %Program Files%\morpheus\my shared folder\Smart Draw 2008 keygen.exe
  • %Program Files%\morpheus\my shared folder\Microsoft Visual Studio 2008 KeyGen.exe
  • %Program Files%\morpheus\my shared folder\Absolute Video Converter 6.2.exe
  • %Program Files%\morpheus\my shared folder\Daemon Tools Pro 4.11.exe
  • %Program Files%\morpheus\my shared folder\Download Boost 2.0.exe
  • %Program Files%\morpheus\my shared folder\Avast 4.8 Professional.exe
  • %Program Files%\morpheus\my shared folder\Grand Theft Auto IV (Offline Activation).exe
  • %Program Files%\morpheus\my shared folder\Alcohol 120 v1.9.7.exe
  • %Program Files%\morpheus\my shared folder\CleanMyPC Registry Cleaner v6.02.exe
  • %Program Files%\morpheus\my shared folder\Super Utilities Pro 2009 11.0.exe
  • %Program Files%\morpheus\my shared folder\Power ISO v4.2 + keygen axxo.exe
  • %Program Files%\morpheus\my shared folder\G-Force Platinum v3.7.5.exe
  • %Program Files%\morpheus\my shared folder\Divx Pro 6.8.0.19 + keymaker.exe
  • %Program Files%\morpheus\my shared folder\Perfect keylogger family edition with crack.exe
  • %Program Files%\morpheus\my shared folder\Magic Video Converter 8 0 2 18.exe
  • %Program Files%\morpheus\my shared folder\Google Earth Pro 4.2. with Maps and crack.exe
  • %Program Files%\morpheus\my shared folder\AVS video converter6.exe
  • %Program Files%\morpheus\my shared folder\Sophos antivirus updater bypass.exe
  • %Program Files%\morpheus\my shared folder\DVD Tools Nero 9 2 6 0.exe
  • %Program Files%\morpheus\my shared folder\Winamp.Pro.v6.53.PowerPack.Portable+installer.exe
  • %Program Files%\morpheus\my shared folder\PDF password remover (works with all acrobat reader).exe
  • %Program Files%\morpheus\my shared folder\Microsoft.Windows 7 Beta1 Build 7000 x86.exe
  • %Program Files%\morpheus\my shared folder\Windows2008 keygen and activator.exe
  • %Program Files%\morpheus\my shared folder\Tuneup Ultilities 2008.exe
  • %Program Files%\morpheus\my shared folder\Kaspersky Internet Security 2009 keygen.exe
  • %Program Files%\morpheus\my shared folder\Windows XP PRO Corp SP3 valid-key generator.exe
  • %Program Files%\limewire\shared\K-Lite codec pack 4.0 gold.exe
  • %Program Files%\limewire\shared\Youtube Music Downloader 1.0.exe
  • %Program Files%\limewire\shared\Windows 2008 Enterprise Server VMWare Virtual Machine.exe
  • %Program Files%\limewire\shared\K-Lite codec pack 3.10 full.exe
  • %Program Files%\limewire\shared\Adobe Acrobat Reader keygen.exe
  • %Program Files%\limewire\shared\Adobe Photoshop CS4 crack.exe
  • %Program Files%\limewire\shared\VmWare keygen.exe
  • %Program Files%\limewire\shared\WinRAR v3.x keygen RaZoR.exe
  • %Program Files%\limewire\shared\CheckPoint ZoneAlarm And AntiSpy.exe
  • %Program Files%\limewire\shared\Sony Vegas Pro 8 0b Build 219.exe
  • %Program Files%\limewire\shared\AnyDVD HD v.6.3.1.8 Beta incl crack.exe
  • %Program Files%\limewire\shared\Ad-aware 2009.exe
  • %Program Files%\limewire\shared\BitDefender AntiVirus 2009 Keygen.exe
  • %Program Files%\limewire\shared\Norton Anti-Virus 2009 Enterprise Crack.exe
  • %Program Files%\limewire\shared\Ultimate ring tones package1 (Beethoven,Bach, Baris Manco,Lambada,Chopin, Greensleves).exe
  • %Program Files%\limewire\shared\Ultimate ring tones package2 (Lil Wayne - Way Of Life,Khia - My Neck My Back Like My Pussy And My Crack,Mario - Let Me Love You,R. Kelly - The Worlds Greatest).exe
  • %Program Files%\limewire\shared\Ultimate ring tones package3 (Crazy In Love, U Got It Bad, 50 Cent - P.I.M.P, Jennifer Lopez Feat. Ll Cool J - All I Have, 50 Cent - 21 Question).exe
  • %Program Files%\limewire\shared\Microsoft Office 2007 Home and Student keygen.exe
  • %Program Files%\limewire\shared\Total Commander7 license+keygen.exe
  • %Program Files%\limewire\shared\LimeWire Pro v4.18.3.exe
  • %Program Files%\limewire\shared\Download Accelerator Plus v8.7.5.exe
  • %Program Files%\limewire\shared\Opera 9.62 International.exe
  • %Program Files%\limewire\shared\Internet Download Manager V5.exe
  • %Program Files%\limewire\shared\Myspace theme collection.exe
  • %Program Files%\limewire\shared\Nero 9 9.2.6.0 keygen.exe
  • %Program Files%\limewire\shared\Motorola, nokia, ericsson mobil phone tools.exe
  • %Program Files%\limewire\shared\Smart Draw 2008 keygen.exe
  • %Program Files%\limewire\shared\Microsoft Visual Studio 2008 KeyGen.exe
  • %Program Files%\limewire\shared\Absolute Video Converter 6.2.exe
  • %Program Files%\limewire\shared\Daemon Tools Pro 4.11.exe
  • %Program Files%\limewire\shared\Download Boost 2.0.exe
  • %Program Files%\limewire\shared\Avast 4.8 Professional.exe
  • %Program Files%\limewire\shared\Grand Theft Auto IV (Offline Activation).exe
  • %Program Files%\limewire\shared\Alcohol 120 v1.9.7.exe
  • %Program Files%\limewire\shared\CleanMyPC Registry Cleaner v6.02.exe
  • %Program Files%\limewire\shared\Super Utilities Pro 2009 11.0.exe
  • %Program Files%\limewire\shared\Power ISO v4.2 + keygen axxo.exe
  • %Program Files%\limewire\shared\G-Force Platinum v3.7.5.exe
  • %Program Files%\limewire\shared\Divx Pro 6.8.0.19 + keymaker.exe
  • %Program Files%\limewire\shared\Perfect keylogger family edition with crack.exe
  • %Program Files%\limewire\shared\Magic Video Converter 8 0 2 18.exe
  • %Program Files%\limewire\shared\Google Earth Pro 4.2. with Maps and crack.exe
  • %Program Files%\limewire\shared\AVS video converter6.exe
  • %Program Files%\limewire\shared\Sophos antivirus updater bypass.exe
  • %Program Files%\limewire\shared\DVD Tools Nero 9 2 6 0.exe
  • %Program Files%\limewire\shared\Winamp.Pro.v6.53.PowerPack.Portable+installer.exe
  • %Program Files%\limewire\shared\PDF password remover (works with all acrobat reader).exe
  • %Program Files%\limewire\shared\Microsoft.Windows 7 Beta1 Build 7000 x86.exe
  • %Program Files%\limewire\shared\Windows2008 keygen and activator.exe
  • %Program Files%\limewire\shared\Tuneup Ultilities 2008.exe
  • %Program Files%\limewire\shared\Kaspersky Internet Security 2009 keygen.exe
  • %Program Files%\limewire\shared\Windows XP PRO Corp SP3 valid-key generator.exe
  • %Program Files%\tesla\files\K-Lite codec pack 4.0 gold.exe
  • %Program Files%\tesla\files\Youtube Music Downloader 1.0.exe
  • %Program Files%\tesla\files\Windows 2008 Enterprise Server VMWare Virtual Machine.exe
  • %Program Files%\tesla\files\K-Lite codec pack 3.10 full.exe
  • %Program Files%\tesla\files\Adobe Acrobat Reader keygen.exe
  • %Program Files%\tesla\files\Adobe Photoshop CS4 crack.exe
  • %Program Files%\tesla\files\VmWare keygen.exe
  • %Program Files%\tesla\files\WinRAR v3.x keygen RaZoR.exe
  • %Program Files%\tesla\files\CheckPoint ZoneAlarm And AntiSpy.exe
  • %Program Files%\tesla\files\Sony Vegas Pro 8 0b Build 219.exe
  • %Program Files%\tesla\files\AnyDVD HD v.6.3.1.8 Beta incl crack.exe
  • %Program Files%\tesla\files\Ad-aware 2009.exe
  • %Program Files%\tesla\files\BitDefender AntiVirus 2009 Keygen.exe
  • %Program Files%\tesla\files\Norton Anti-Virus 2009 Enterprise Crack.exe
  • %Program Files%\tesla\files\Ultimate ring tones package1 (Beethoven,Bach, Baris Manco,Lambada,Chopin, Greensleves).exe
  • %Program Files%\tesla\files\Ultimate ring tones package2 (Lil Wayne - Way Of Life,Khia - My Neck My Back Like My Pussy And My Crack,Mario - Let Me Love You,R. Kelly - The Worlds Greatest).exe
  • %Program Files%\tesla\files\Ultimate ring tones package3 (Crazy In Love, U Got It Bad, 50 Cent - P.I.M.P, Jennifer Lopez Feat. Ll Cool J - All I Have, 50 Cent - 21 Question).exe
  • %Program Files%\tesla\files\Microsoft Office 2007 Home and Student keygen.exe
  • %Program Files%\tesla\files\Total Commander7 license+keygen.exe
  • %Program Files%\tesla\files\LimeWire Pro v4.18.3.exe
  • %Program Files%\tesla\files\Download Accelerator Plus v8.7.5.exe
  • %Program Files%\tesla\files\Opera 9.62 International.exe
  • %Program Files%\tesla\files\Internet Download Manager V5.exe
  • %Program Files%\tesla\files\Myspace theme collection.exe
  • %Program Files%\tesla\files\Nero 9 9.2.6.0 keygen.exe
  • %Program Files%\tesla\files\Motorola, nokia, ericsson mobil phone tools.exe
  • %Program Files%\tesla\files\Smart Draw 2008 keygen.exe
  • %Program Files%\tesla\files\Microsoft Visual Studio 2008 KeyGen.exe
  • %Program Files%\tesla\files\Absolute Video Converter 6.2.exe
  • %Program Files%\tesla\files\Daemon Tools Pro 4.11.exe
  • %Program Files%\tesla\files\Download Boost 2.0.exe
  • %Program Files%\tesla\files\Avast 4.8 Professional.exe
  • %Program Files%\tesla\files\Grand Theft Auto IV (Offline Activation).exe
  • %Program Files%\tesla\files\Alcohol 120 v1.9.7.exe
  • %Program Files%\tesla\files\CleanMyPC Registry Cleaner v6.02.exe
  • %Program Files%\tesla\files\Super Utilities Pro 2009 11.0.exe
  • %Program Files%\tesla\files\Power ISO v4.2 + keygen axxo.exe
  • %Program Files%\tesla\files\G-Force Platinum v3.7.5.exe
  • %Program Files%\tesla\files\Divx Pro 6.8.0.19 + keymaker.exe
  • %Program Files%\tesla\files\Perfect keylogger family edition with crack.exe
  • %Program Files%\tesla\files\Magic Video Converter 8 0 2 18.exe
  • %Program Files%\tesla\files\Google Earth Pro 4.2. with Maps and crack.exe
  • %Program Files%\tesla\files\AVS video converter6.exe
  • %Program Files%\tesla\files\Sophos antivirus updater bypass.exe
  • %Program Files%\tesla\files\DVD Tools Nero 9 2 6 0.exe
  • %Program Files%\tesla\files\Winamp.Pro.v6.53.PowerPack.Portable+installer.exe
  • %Program Files%\tesla\files\PDF password remover (works with all acrobat reader).exe
  • %Program Files%\tesla\files\Microsoft.Windows 7 Beta1 Build 7000 x86.exe
  • %Program Files%\tesla\files\Windows2008 keygen and activator.exe
  • %Program Files%\tesla\files\Tuneup Ultilities 2008.exe
  • %Program Files%\tesla\files\Kaspersky Internet Security 2009 keygen.exe
  • %Program Files%\tesla\files\Windows XP PRO Corp SP3 valid-key generator.exe
  • %Program Files%\winmx\shared\K-Lite codec pack 4.0 gold.exe
  • %Program Files%\winmx\shared\Youtube Music Downloader 1.0.exe
  • %Program Files%\winmx\shared\Windows 2008 Enterprise Server VMWare Virtual Machine.exe
  • %Program Files%\winmx\shared\K-Lite codec pack 3.10 full.exe
  • %Program Files%\winmx\shared\Adobe Acrobat Reader keygen.exe
  • %Program Files%\winmx\shared\Adobe Photoshop CS4 crack.exe
  • %Program Files%\winmx\shared\VmWare keygen.exe
  • %Program Files%\winmx\shared\WinRAR v3.x keygen RaZoR.exe
  • %Program Files%\winmx\shared\CheckPoint ZoneAlarm And AntiSpy.exe
  • %Program Files%\winmx\shared\Sony Vegas Pro 8 0b Build 219.exe
  • %Program Files%\winmx\shared\AnyDVD HD v.6.3.1.8 Beta incl crack.exe
  • %Program Files%\winmx\shared\Ad-aware 2009.exe
  • %Program Files%\winmx\shared\BitDefender AntiVirus 2009 Keygen.exe
  • %Program Files%\winmx\shared\Norton Anti-Virus 2009 Enterprise Crack.exe
  • %Program Files%\winmx\shared\Ultimate ring tones package1 (Beethoven,Bach, Baris Manco,Lambada,Chopin, Greensleves).exe
  • %Program Files%\winmx\shared\Ultimate ring tones package2 (Lil Wayne - Way Of Life,Khia - My Neck My Back Like My Pussy And My Crack,Mario - Let Me Love You,R. Kelly - The Worlds Greatest).exe
  • %Program Files%\winmx\shared\Ultimate ring tones package3 (Crazy In Love, U Got It Bad, 50 Cent - P.I.M.P, Jennifer Lopez Feat. Ll Cool J - All I Have, 50 Cent - 21 Question).exe
  • %Program Files%\winmx\shared\Microsoft Office 2007 Home and Student keygen.exe
  • %Program Files%\winmx\shared\Total Commander7 license+keygen.exe
  • %Program Files%\winmx\shared\LimeWire Pro v4.18.3.exe
  • %Program Files%\winmx\shared\Download Accelerator Plus v8.7.5.exe
  • %Program Files%\winmx\shared\Opera 9.62 International.exe
  • %Program Files%\winmx\shared\Internet Download Manager V5.exe
  • %Program Files%\winmx\shared\Myspace theme collection.exe
  • %Program Files%\winmx\shared\Nero 9 9.2.6.0 keygen.exe
  • %Program Files%\winmx\shared\Motorola, nokia, ericsson mobil phone tools.exe
  • %Program Files%\winmx\shared\Smart Draw 2008 keygen.exe
  • %Program Files%\winmx\shared\Microsoft Visual Studio 2008 KeyGen.exe
  • %Program Files%\winmx\shared\Absolute Video Converter 6.2.exe
  • %Program Files%\winmx\shared\Daemon Tools Pro 4.11.exe
  • %Program Files%\winmx\shared\Download Boost 2.0.exe
  • %Program Files%\winmx\shared\Avast 4.8 Professional.exe
  • %Program Files%\winmx\shared\Grand Theft Auto IV (Offline Activation).exe
  • %Program Files%\winmx\shared\Alcohol 120 v1.9.7.exe
  • %Program Files%\winmx\shared\CleanMyPC Registry Cleaner v6.02.exe
  • %Program Files%\winmx\shared\Super Utilities Pro 2009 11.0.exe
  • %Program Files%\winmx\shared\Power ISO v4.2 + keygen axxo.exe
  • %Program Files%\winmx\shared\G-Force Platinum v3.7.5.exe
  • %Program Files%\winmx\shared\Divx Pro 6.8.0.19 + keymaker.exe
  • %Program Files%\winmx\shared\Perfect keylogger family edition with crack.exe
  • %Program Files%\winmx\shared\Magic Video Converter 8 0 2 18.exe
  • %Program Files%\winmx\shared\Google Earth Pro 4.2. with Maps and crack.exe
  • %Program Files%\winmx\shared\AVS video converter6.exe
  • %Program Files%\winmx\shared\Sophos antivirus updater bypass.exe
  • %Program Files%\winmx\shared\DVD Tools Nero 9 2 6 0.exe
  • %Program Files%\winmx\shared\Winamp.Pro.v6.53.PowerPack.Portable+installer.exe
  • %Program Files%\winmx\shared\PDF password remover (works with all acrobat reader).exe
  • %Program Files%\winmx\shared\Microsoft.Windows 7 Beta1 Build 7000 x86.exe
  • %Program Files%\winmx\shared\Windows2008 keygen and activator.exe
  • %Program Files%\winmx\shared\Tuneup Ultilities 2008.exe
  • %Program Files%\winmx\shared\Kaspersky Internet Security 2009 keygen.exe
  • %Program Files%\winmx\shared\Windows XP PRO Corp SP3 valid-key generator.exe
  • %System Root%\Downloads\K-Lite codec pack 4.0 gold.exe
  • %System Root%\Downloads\Youtube Music Downloader 1.0.exe
  • %System Root%\Downloads\Windows 2008 Enterprise Server VMWare Virtual Machine.exe
  • %System Root%\Downloads\K-Lite codec pack 3.10 full.exe
  • %System Root%\Downloads\Adobe Acrobat Reader keygen.exe
  • %System Root%\Downloads\Adobe Photoshop CS4 crack.exe
  • %System Root%\Downloads\VmWare keygen.exe
  • %System Root%\Downloads\WinRAR v3.x keygen RaZoR.exe
  • %System Root%\Downloads\CheckPoint ZoneAlarm And AntiSpy.exe
  • %System Root%\Downloads\Sony Vegas Pro 8 0b Build 219.exe
  • %System Root%\Downloads\AnyDVD HD v.6.3.1.8 Beta incl crack.exe
  • %System Root%\Downloads\Ad-aware 2009.exe
  • %System Root%\Downloads\BitDefender AntiVirus 2009 Keygen.exe
  • %System Root%\Downloads\Norton Anti-Virus 2009 Enterprise Crack.exe
  • %System Root%\Downloads\Ultimate ring tones package1 (Beethoven,Bach, Baris Manco,Lambada,Chopin, Greensleves).exe
  • %System Root%\Downloads\Ultimate ring tones package2 (Lil Wayne - Way Of Life,Khia - My Neck My Back Like My Pussy And My Crack,Mario - Let Me Love You,R. Kelly - The Worlds Greatest).exe
  • %System Root%\Downloads\Ultimate ring tones package3 (Crazy In Love, U Got It Bad, 50 Cent - P.I.M.P, Jennifer Lopez Feat. Ll Cool J - All I Have, 50 Cent - 21 Question).exe
  • %System Root%\Downloads\Microsoft Office 2007 Home and Student keygen.exe
  • %System Root%\Downloads\Total Commander7 license+keygen.exe
  • %System Root%\Downloads\LimeWire Pro v4.18.3.exe
  • %System Root%\Downloads\Download Accelerator Plus v8.7.5.exe
  • %System Root%\Downloads\Opera 9.62 International.exe
  • %System Root%\Downloads\Internet Download Manager V5.exe
  • %System Root%\Downloads\Myspace theme collection.exe
  • %System Root%\Downloads\Nero 9 9.2.6.0 keygen.exe
  • %System Root%\Downloads\Motorola, nokia, ericsson mobil phone tools.exe
  • %System Root%\Downloads\Smart Draw 2008 keygen.exe
  • %System Root%\Downloads\Microsoft Visual Studio 2008 KeyGen.exe
  • %System Root%\Downloads\Absolute Video Converter 6.2.exe
  • %System Root%\Downloads\Daemon Tools Pro 4.11.exe
  • %System Root%\Downloads\Download Boost 2.0.exe
  • %System Root%\Downloads\Avast 4.8 Professional.exe
  • %System Root%\Downloads\Grand Theft Auto IV (Offline Activation).exe
  • %System Root%\Downloads\Alcohol 120 v1.9.7.exe
  • %System Root%\Downloads\CleanMyPC Registry Cleaner v6.02.exe
  • %System Root%\Downloads\Super Utilities Pro 2009 11.0.exe
  • %System Root%\Downloads\Power ISO v4.2 + keygen axxo.exe
  • %System Root%\Downloads\G-Force Platinum v3.7.5.exe
  • %System Root%\Downloads\Divx Pro 6.8.0.19 + keymaker.exe
  • %System Root%\Downloads\Perfect keylogger family edition with crack.exe
  • %System Root%\Downloads\Magic Video Converter 8 0 2 18.exe
  • %System Root%\Downloads\Google Earth Pro 4.2. with Maps and crack.exe
  • %System Root%\Downloads\AVS video converter6.exe
  • %System Root%\Downloads\Sophos antivirus updater bypass.exe
  • %System Root%\Downloads\DVD Tools Nero 9 2 6 0.exe
  • %System Root%\Downloads\Winamp.Pro.v6.53.PowerPack.Portable+installer.exe
  • %System Root%\Downloads\PDF password remover (works with all acrobat reader).exe
  • %System Root%\Downloads\Microsoft.Windows 7 Beta1 Build 7000 x86.exe
  • %System Root%\Downloads\Windows2008 keygen and activator.exe
  • %System Root%\Downloads\Tuneup Ultilities 2008.exe
  • %System Root%\Downloads\Kaspersky Internet Security 2009 keygen.exe
  • %System Root%\Downloads\Windows XP PRO Corp SP3 valid-key generator.exe

(Note: %System% is the Windows system folder, which is usually C:\Windows\System on Windows 98 and ME, C:\WINNT\System32 on Windows NT and 2000, or C:\Windows\System32 on Windows XP and Server 2003. %Program Files% is the default Program Files folder, usually C:\Program Files. %System Root% is the root folder, which is usually C:\. It is also where the operating system is located.)

Autostart Technique

This Trojan adds the following registry entry to enable its automatic execution at every system startup:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
Windows Driver Manager = "%System%\wdfmngr.exe"

Other System Modifications

This Trojan adds the following registry keys:

HKEY_LOCAL_MACHINE\Software\Microsoft\WAB\Profile

HKEY_CURRENT_USER\Software\Microsoft\WAB\Profile

It adds the following registry entries:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer
geneva1 = "04"

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer
geneva2 = "21"

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List
%System%\wdfmngr.exe = "%System%\wdfmngr.exe:*:Enabled:Explorer"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
EnableLUA = "0"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center
UACDisableNotify = "1"

Dropping Routine

This Trojan drops the following files:

  • %System%\wdfmngr.exe
  • %System%\kb-096.exe

(Note: %System% is the Windows system folder, which is usually C:\Windows\System on Windows 98 and ME, C:\WINNT\System32 on Windows NT and 2000, or C:\Windows\System32 on Windows XP and Server 2003.)

This report is generated via an automated analysis system.

  SOLUTION

Minimum Scan Engine:

9.200

Step 1

For Windows XP and Windows Server 2003 users, before doing any scans, please make sure you disable System Restore to allow full scanning of your computer.

Step 2

Restart in Safe Mode


Step 3

Delete this registry key

Important: Editing the Windows Registry incorrectly can lead to irreversible system malfunction. Please do this step only if you know how to, or ask your system administrator for assistance. Otherwise, check this Microsoft article first before modifying your computer's registry.

  • In HKEY_LOCAL_MACHINE\Software\Microsoft\WAB
    • Profile
  • In HKEY_CURRENT_USER\Software\Microsoft\WAB
    • Profile

Step 4

Delete this registry value

Important: Editing the Windows Registry incorrectly can lead to irreversible system malfunction. Please do this step only if you know how to, or ask your system administrator for assistance. Otherwise, check this Microsoft article first before modifying your computer's registry.

  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    • Windows Driver Manager = "%System%\wdfmngr.exe"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer
    • geneva1 = "04"
  • In HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer
    • geneva2 = "21"
  • In HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List
    • %System%\wdfmngr.exe = "%System%\wdfmngr.exe:*:Enabled:Explorer"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
    • EnableLUA = "0"
  • In HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center
    • UACDisableNotify = "1"

Step 5

Search and delete these files

There may be some component files that are hidden. Please make sure you check the Search Hidden Files and Folders checkbox in the "More advanced options" option to include all hidden files and folders in the search result.
  • %System%\wdfmngr.exe
  • %System%\kb-096.exe
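The registry keys, registry values and dropped files in Steps 3 to 5 can be checked in one pass before touching anything. The script below is an added example and is not part of the Trend Micro description or a Trend Micro tool: it is a read-only audit that reports which of the listed indicators are present on the host and deletes nothing, so it can confirm an infection before Step 6 and confirm cleanup afterwards. It assumes a Windows XP/Server 2003 or later folder layout (the Windows 98/ME %System% path is not handled) and an elevated shell for reading the HKLM keys; the Severity labels are the editor's assessment, not something the report states.

```powershell
<#
  Added example, not from the Trend Micro page. Read-only audit of the TROJ_BUZUS.CAC
  indicators listed in Steps 3-5 (registry keys, registry values, dropped files) plus the
  two lure-copy folders from the Installation section. Nothing is removed.
  Assumptions: XP/2003+ folder layout; run elevated so HKLM keys are readable.
#>

function Invoke-BuzusCacAudit {
    [CmdletBinding()]
    param()

    $systemDir = [Environment]::GetFolderPath('System')   # %System%, e.g. C:\Windows\System32
    $sysRoot   = $env:SystemDrive + '\'                   # %System Root%, e.g. C:\
    $findings  = New-Object System.Collections.Generic.List[object]

    # Step 4 values. Severity is the editor's assessment: the wdfmngr.exe entries and the
    # geneva1/geneva2 values are specific to this sample, while EnableLUA=0 and
    # UACDisableNotify=1 are also set by some administrators and only corroborate an
    # infection when they appear together with the strong indicators.
    $valueIndicators = @(
        @{ Key='HKCU:\Software\Microsoft\Windows\CurrentVersion\Run';      Name='Windows Driver Manager'; Data="$systemDir\wdfmngr.exe"; Severity='Strong' },
        @{ Key='HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer'; Name='geneva1';                Data='04';                      Severity='Strong' },
        @{ Key='HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer'; Name='geneva2';                Data='21';                      Severity='Strong' },
        @{ Key='HKLM:\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List';
           Name="$systemDir\wdfmngr.exe"; Data="$systemDir\wdfmngr.exe:*:Enabled:Explorer"; Severity='Strong' },
        @{ Key='HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system'; Name='EnableLUA';        Data='0'; Severity='Weak' },
        @{ Key='HKLM:\SOFTWARE\Microsoft\Security Center';                        Name='UACDisableNotify'; Data='1'; Severity='Weak' }
    )

    # Step 3 keys
    $keyIndicators = 'HKLM:\Software\Microsoft\WAB\Profile', 'HKCU:\Software\Microsoft\WAB\Profile'

    # Step 5 files, and the folders the Installation section says lure copies are written to
    $fileIndicators = "$systemDir\wdfmngr.exe", "$systemDir\kb-096.exe"
    $lureFolders    = "$env:ProgramFiles\icq\shared folder", (Join-Path $sysRoot 'Downloads')

    foreach ($k in $keyIndicators) {
        if (Test-Path -LiteralPath $k) {
            $findings.Add([pscustomobject]@{ Severity='Strong'; Type='RegistryKey'; Location=$k; Detail='key exists' })
        }
    }

    foreach ($v in $valueIndicators) {
        if (-not (Test-Path -LiteralPath $v.Key)) { continue }
        $props = Get-ItemProperty -LiteralPath $v.Key -ErrorAction SilentlyContinue
        if ($null -eq $props -or -not ($props.PSObject.Properties.Name -contains $v.Name)) { continue }
        $actual = [string]$props.($v.Name)
        $note   = if ($actual -eq $v.Data) { 'matches report' } else { "differs from report ($($v.Data))" }
        $findings.Add([pscustomobject]@{ Severity=$v.Severity; Type='RegistryValue'; Location="$($v.Key) -> $($v.Name)"; Detail="$actual; $note" })
    }

    # The analysed sample was 313,344 bytes (from the report); the size is shown as a cross-check.
    foreach ($f in $fileIndicators) {
        if (Test-Path -LiteralPath $f -PathType Leaf) {
            $fi     = Get-Item -LiteralPath $f -Force
            $hidden = ($fi.Attributes -band [IO.FileAttributes]::Hidden) -ne 0
            $findings.Add([pscustomobject]@{ Severity='Strong'; Type='File'; Location=$f; Detail="$($fi.Length) bytes, hidden=$hidden" })
        }
    }

    # Lure copies use keygen/crack-style names; every .exe in these folders is listed for
    # review, because the folders themselves can exist for legitimate reasons.
    foreach ($d in $lureFolders) {
        if (Test-Path -LiteralPath $d -PathType Container) {
            Get-ChildItem -LiteralPath $d -Filter *.exe -Force -ErrorAction SilentlyContinue | ForEach-Object {
                $findings.Add([pscustomobject]@{ Severity='Review'; Type='LureCopy'; Location=$_.FullName; Detail="$($_.Length) bytes" })
            }
        }
    }

    return $findings
}

# Usage: run in an elevated PowerShell on the suspect host. An empty result after Step 6
# confirms that the persistence entries and dropped files are gone.
Invoke-BuzusCacAudit | Sort-Object Severity | Format-Table -AutoSize
```

Note that the firewall entry is listed under ControlSet001 exactly as the report gives it; on a live system HKLM\SYSTEM\CurrentControlSet is an alias for whichever control set booted, so if a host uses ControlSet002 the same check should be repeated there.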

Step 6

Restart in normal mode and scan your computer with your Trend Micro product for files detected as TROJ_BUZUS.CAC. If the detected files have already been cleaned, deleted, or quarantined by your Trend Micro product, no further step is required. You may opt to simply delete the quarantined files. Please check this Knowledge Base page for more information.
