Troj/Mdrop-CLC

    Category: Viruses and SpywareProtection available since:19 Mar 2010 12:44:24 (GMT)
    Type: TrojanLast Updated:19 Mar 2010 12:44:24 (GMT)
    Prevalence: Small Number of Reports

    Download Download our free Virus Removal Tool - Find and remove threats your antivirus missed

    Troj/Mdrop-CLC is a Trojan for the Windows platform.

    Troj/Mdrop-CLC includes functionality to:

    - run automatically
    - create files in the <System> folder
    - access the internet and communicate with a remote server via HTTP

    Troj/Mdrop-CLC communicates via HTTP with the following locations:

    checkwebspeed . net
    imagehut4 . cn


    When Troj/Mdrop-CLC is installed the following files are created:

    <User>xplore.exe
    <System>\cmutilo.exe
    <Temp>\~unins7468.bat

    The following registry entry is set:

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
    Run
    alcvgykb

    Registry entries are created under:

    HKLM\SOFTWARE\zpppmcegc
    HKCU\Software\zpppmcegc

    Troj/Mdrop-CLC creates the following Windows HOSTS file entries:-
    127.0.0.1 thepiratebay.org
    127.0.0.1 www.thepiratebay.org
    127.0.0.1 mininova.org
    127.0.0.1 www.mininova.org
    127.0.0.1 forum.mininova.org
    127.0.0.1 blog.mininova.org
    127.0.0.1 suprbay.org
    127.0.0.1 www.suprbay.org

    Download Sophos HomeDownload
    Sophos Home

    Free business-grade security for the home.

    Endpoint Protection