Selected viruses, spyware, and other threats: sorted alphabetically

O
P
Q
R
S
T
U
V
W
X
Y
Z
Glossary

Win32/Lethic.AA

Aliases:	P2P-Worm.Win32.Palevo.rmm (Kaspersky), VirTool:Win32/DelfInject.gen!BH (Microsoft), Generic.dx!nns trojan (McAfee)
Type of infiltration:	Trojan
Size:	43008 B
Affected platforms:	Microsoft Windows
Signature database version:	4860 (20100212)

Short description

Win32/Lethic.AA is a trojan that is used for spam distribution. It can be controlled remotely.

Installation

When executed, the trojan copies itself into the following location:

C:RECYCLERS-1-5-21-0243556031-888888379-781863308-1455psysnew.exe

The following file is dropped in the same folder:

desktop.ini

In order to be executed on every system start, the trojan sets the following Registry entries:

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersion
Winlogon]
"Taskman" = "C:RECYCLERS-1-5-21-0243556031-888888379-781863308-1455psysnew.exe"
[HKEY_CURRENT_USERSOFTWAREMicrosoftWindows NTCurrentVersion
Winlogon]
"shell" = "C:RECYCLERS-1-5-21-0243556031-888888379-781863308-1455psysnew.exe"
[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersion
Run]
"psysnew" = "C:RECYCLERS-1-5-21-0243556031-888888379-781863308-1455psysnew.exe"

Spam distribution

Win32/Lethic.AA is a trojan that is used for spam distribution.

The trojan acquires data and commands from a remote computer or the Internet.

The trojan contains a list of (1) URLs.

Other information

The trojan creates and runs a new thread with its own program code within the following processes:

explorer.exe