Trojan.Win32.Pandora.l
| Alert Level : | Medium |
| Discovered: | Mar 23 2007 |
| Tag: | Trojans |
| Discoverer and Source: | http://www.kaspersky.com/ |
Malware Behavior and Technical Description
This Trojan has a malicious payload. The Trojan is a Windows PE EXE file. It is 4,096 bytes in size.
Installation
When launched, the Trojan copies its executable file to the Windows root directory:
%WinDir%\memorium.exe
In order to ensure that the Trojan is launched automatically each time Windows is restarted, the Trojan registers its executable file in the system registry:
[HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows]
"load"="memorium.exe"
The Trojan also adds the following parameter to the wininit.ini configuration file:
memorium=memorium.exe
Payload
The Trojan displays the following message:
It then launches the web browser and opens the following link:
http://www.miskatonic.net/pickman/mythos/****/vermiis1.jpg
It terminates the following process:
shutdown.exe
Removal instructions for Trojan.Win32.Pandora.l:
If your computer does not have an up-to-date antivirus, or does not have an antivirus solution at all, follow the instructions below to delete the malicious program:
- Use Task Manager to terminate the Trojan process (memorium.exe).
- Delete the original Trojan file (the location will depend on how the program originally penetrated the victim machine).
- Delete the copy of the Trojan: %WinDir%\memorium.exe
- Delete the following system registry key parameter:
[HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows]
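The artifacts listed above can be checked read-only before and after cleanup. The PowerShell below is an added example, not part of the original write-up; the function name Test-PandoraArtifacts is hypothetical, and wininit.ini is assumed to sit in %WinDir%.

```powershell
# Added example (not from the original write-up): read-only check for the
# artifacts this page lists. The function name is hypothetical.
function Test-PandoraArtifacts {
    $findings = @()

    # Copy of the Trojan in the Windows directory (page: %WinDir%\memorium.exe).
    $exe = Join-Path $env:WinDir 'memorium.exe'
    if (Test-Path -LiteralPath $exe -PathType Leaf) {
        $size = (Get-Item -LiteralPath $exe -Force).Length
        $findings += [pscustomobject]@{
            Artifact = 'File'; Location = $exe; Detail = "$size bytes (page states 4,096)"
        }
    }

    # Autostart value "load" under the HKCU Windows key. HKCU is per-user,
    # so this only covers the account running the check.
    $key  = 'HKCU:\Software\Microsoft\Windows NT\CurrentVersion\Windows'
    $load = (Get-ItemProperty -Path $key -Name 'load' -ErrorAction SilentlyContinue).load
    if ($load -and $load -match 'memorium\.exe') {
        $findings += [pscustomobject]@{
            Artifact = 'Registry'; Location = "$key\load"; Detail = $load
        }
    }

    # wininit.ini entry; assumed location is %WinDir%\wininit.ini.
    $ini = Join-Path $env:WinDir 'wininit.ini'
    if (Test-Path -LiteralPath $ini -PathType Leaf) {
        foreach ($m in Select-String -LiteralPath $ini -Pattern 'memorium\.exe') {
            $findings += [pscustomobject]@{
                Artifact = 'wininit.ini'; Location = "${ini}:$($m.LineNumber)"; Detail = $m.Line.Trim()
            }
        }
    }

    # Running process named in the removal steps.
    foreach ($p in Get-Process -Name 'memorium' -ErrorAction SilentlyContinue) {
        $findings += [pscustomobject]@{
            Artifact = 'Process'; Location = "PID $($p.Id)"; Detail = $p.ProcessName
        }
    }

    $findings
}

Test-PandoraArtifacts | Format-Table -AutoSize
```

An empty result after the removal steps means none of the listed artifacts remain for the current user; run it once per user profile, since the registry value is stored under HKCU.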

