Trojan.Win32.Pandora.l

tag:Trojans  

The Trojan displays the following message:

It then launches the web browser and opens the following link:

http://www.miskatonic.net/pickman/mythos/****/vermiis1.jpg

It terminates the following process:

shutdown.exe

If your computer does not have an up-to-date antivirus, or does not have an antivirus solution at all, follow the instructions below to delete the malicious program:

  1. Use Task Manager to terminate the Trojan process (memorium.exe).
  2. Delete the original Trojan file (the location will depend on how the program originally penetrated the victim machine).
  3. Delete the copy of the Trojan: %WinDir%\memorium.exe
  4. Delete the following system registry key parameter: [HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows]

    This Trojan has a malicious payload. The Trojan is a Windows PE EXE file. It is 4,096 bytes in size.

    Installation

    When launched, the Trojan copies its executable file to the Windows root directory :

    %WinDir%\memorium.exe

    In order to ensure that the Trojan is launched automatically each time Windows is restarted, the Trojan registers its executable file in the system registry:

    [HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    "load"="memorium.exe"

    The Trojan also adds the following parameter to the wininit.ini configuration file:

    ìemorium=memorium.exe Payload

©Virus-Encyclopedia.com All Rights Reserved.