14.06.2007., 22:16   #3
rev01
Registered User
 
Join date: Jun 2007
Location: sadas
Posts: 8
TROJ_CONHOOK.AE

Details:

This Trojan may be downloaded from the Internet or dropped by other malware programs on a machine.

Installation and Autostart

Upon execution, this Trojan drops a copy of itself as %System%\{5 random characters}.dll.

(Note: %System% is the Windows system folder, which is usually C:\Windows\System on Windows 98 and ME, C:\WINNT\System32 on Windows NT and 2000, or C:\Windows\System32 on Windows XP and Server 2003.)

It injects itself into legitimate processes like WINLOGON.EXE and EXPLORER.EXE to avoid detection and to ensure its automatic execution at every system startup.

It creates the following registry key to ensure its automatic execution at every system startup:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\{5 random characters}

(Note: The registry key is the same as the malware file name.)

It also creates the following registry keys as part of its installation routine:

HKEY_CLASSES_ROOT\CLSID\{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}

Payload

This Trojan connects to the following Web sites in an attempt to download possibly malicious files:

* http://{BLOCKED}huistov.net/cgi-bin/check/autoaff3
* http://202.67.{BLOCKED}.235/cgi-bin/check/autoaff3

However, as of this writing, the said URLs are inaccessible.

Affected Platforms

This Trojan runs on Windows 98, ME, NT, 2000, XP, and Server 2003.

That should be it, but how do I get rid of it..?
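A check for the registry traces listed in the write-up quoted above, as an added example that is not part of the original post or the vendor's description. It reads saved `reg query <key> /s` output and flags the listed CLSID plus any Winlogon\Notify subkey with a 5-character name that matches its DLL file name; the function names, the sample data, and the assumption that the DLL path sits in the subkey's `DllName` value are mine.

```python
import re

# CLSID named in the write-up quoted in the post above.
CONHOOK_CLSID = "{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}"

# Constructed sample of `reg query <key> /s` output (not from a real host).
SAMPLE = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain
    DllName    REG_EXPAND_SZ    crypt32.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\qzxkv
    DllName    REG_SZ    C:\WINDOWS\system32\qzxkv.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}
"""


def parse_reg_query(text):
    """Parse `reg query /s` output into {key_path: {value_name: data}}."""
    keys, current = {}, None
    for line in text.splitlines():
        if line.startswith("HKEY_"):
            current = keys.setdefault(line.strip(), {})
        elif current is not None and line.strip():
            # Value lines look like: "    Name    REG_SZ    data"
            parts = re.split(r"\s{2,}|\t", line.strip(), maxsplit=2)
            if len(parts) == 3:
                current[parts[0]] = parts[2]
    return keys


def find_conhook_traces(reg_text):
    """Return (kind, key_path) pairs matching the traces in the write-up."""
    findings = []
    for path, values in parse_reg_query(reg_text).items():
        parent, _, name = path.rpartition("\\")
        if name.lower() == CONHOOK_CLSID.lower():
            findings.append(("clsid", path))
        elif parent.lower().endswith("\\winlogon\\notify") and len(name) == 5:
            # Assumption: the notification package path is in DllName.
            dll = values.get("DllName", "").rpartition("\\")[2].lower()
            if dll == name.lower() + ".dll":
                findings.append(("winlogon_notify", path))
    return findings


if __name__ == "__main__":
    for kind, key in find_conhook_traces(SAMPLE):
        print(kind, key)
```

The Notify match is a heuristic built on the naming pattern in the write-up, so a hit is a lead to inspect the referenced DLL rather than proof of infection.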