
This tool is detected as Trojan.Downloader.

CheckConns.exe download link.

File attached.

A registry key set by Notepad2 is also detected as malicious. An export of the key is below.

Malwarebytes Anti-Malware (PRO) 1.60.0.1800

www.malwarebytes.org

Database version: v2011.12.31.04

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

Will :: WILL-PC [administrator]

Protection: Enabled

31/12/2011 17:11:33

mbam-log-2011-12-31 (17-16-27).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 204280

Time elapsed: 4 minute(s), 37 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 1

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\notepad.exe (Security.Hijack) -> No action taken. [18221f8370dec96d1594141f8f74f60a]

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 1

C:\Users\Will\Desktop\CheckConns.exe (Trojan.Downloader) -> No action taken. [49f1e0c2ff4f37ffbab2f0375ba5966a]

(end)

----------------------------

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\notepad.exe\]

"Debugger"="\"C:\\Program Files\\Notepad2\\Notepad2.exe\" /z"

CheckConns.rar
