









W32/Peregar.C Trojan
| Name | W32/Peregar.C Trojan |
| Aliases | Trojan-Downloader.Win32.Peregar.c, W32/Downloader.H.gen!Eldorado, Mal/DelpDldr-E |
| Discovered on | April 03, 2008 |

Virus Information - W32/Peregar.C Trojan:
W32/Peregar.C is a trojan that infects Windows systems.
This trojan is either downloaded from the Internet or dropped by other malware applications.
Upon execution, the trojan drops the following files:
kiasys.dll in the Windows folder,
[Random Characters] in the current user's Temp folder,
bind[1].htm in Temporary Internet Files folder,
pic[2].htm in Temporary Internet Files folder,
search[4].htm in Temporary Internet Files folder.
The dropped file kiasys.dll is injected into the explorer.exe and iexplorer.exe processes.
The trojan opens the Google search page with the search string "sex world".
The first URL in the Google results page is hijacked and redirected to http://stable2.com/search/search.php?qq=sex+video.
The following message is embedded between the first and second search results.

The link hijacking and the message embedding are performed on all Google searches.
The trojan also attempts to download setup.exe, which is adware, from 89.149.227.195.
If the adware (Files Secure v2.2) is not installed, then the following message will be displayed upon all Windows Explorer or Internet Explorer activity.
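
The following is an added example, not part of the original description: it matches the indicators listed above (the redirect URL, the setup.exe download host and the dropped kiasys.dll) against proxy and file-creation events and reports hits per host. The event tuple format, the host names, the default Windows folder path and the download URL path are assumptions, and the sample events are constructed.

```python
from collections import defaultdict
from pathlib import PureWindowsPath
from urllib.parse import urlsplit

# Indicators taken from the description above.
REDIRECT_HOST, REDIRECT_PATH = "stable2.com", "/search/search.php"
DOWNLOAD_IP, DOWNLOAD_FILE = "89.149.227.195", "setup.exe"
DROPPED_DLL = "kiasys.dll"

# Constructed sample events: (host, kind, value). Format and hosts are assumptions.
SAMPLE_EVENTS = [
    ("WS-01", "url", "http://stable2.com/search/search.php?qq=sex+video"),
    ("WS-01", "url", "http://89.149.227.195/setup.exe"),  # URL path is assumed
    ("WS-01", "file", r"C:\WINDOWS\kiasys.dll"),
    ("WS-02", "url", "http://www.google.com/search?q=weather"),
    ("WS-02", "file", r"D:\backup\kiasys.dll"),  # same name, wrong folder
]


def classify_url(url):
    """Return the indicator a requested URL matches, or None."""
    parts = urlsplit(url if "://" in url else "http://" + url)
    host, path = (parts.hostname or "").lower(), parts.path.lower()
    if host == REDIRECT_HOST and path == REDIRECT_PATH:
        return "search-redirect"
    # The page gives only the IP and file name, so any path ending in it counts.
    if host == DOWNLOAD_IP and path.rsplit("/", 1)[-1] == DOWNLOAD_FILE:
        return "adware-download"
    return None


def classify_file(path, windir=r"C:\Windows"):
    """Flag kiasys.dll only when it sits directly in the Windows folder."""
    p = PureWindowsPath(path)  # Windows path comparison is case-insensitive
    if p.name.lower() == DROPPED_DLL and p.parent == PureWindowsPath(windir):
        return "dropped-dll"
    return None


def scan(events):
    """Group matched indicators by host; hosts with no match are omitted."""
    hits = defaultdict(set)
    for host, kind, value in events:
        tag = classify_url(value) if kind == "url" else classify_file(value)
        if tag:
            hits[host].add(tag)
    return {host: sorted(tags) for host, tags in hits.items()}
```

A host showing more than one of the three indicators is a stronger signal than a single match, since the file name setup.exe on its own is common.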

