Win32/Tinxy.BJ
Short description
The trojan serves as a proxy server.
Installation
When executed, the trojan creates the following files:
- %system%\clbcoko.dll
- %system%\drivers\mrxoko.sys
- %temp%\w3oko.bat
- DHCP Shortcut List Redirector
- netsh firewall add allowedprogram name="ST330 OKO service" program="%SystemRoot%\system32\svchost.exe" mode=ENABLE
- netsh firewall add portopening tcp 8085 "MyOKOPort" ENABLE
The following Registry entries are created:
- [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\swoko]
  "FailureActions" = 00000000000000000000000003000000140000000100000060EA00000100000060EA00000100000060EA0000
- [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\swoko\Parameters]
  "ServiceDll" = "%system%\clbcoko.dll"
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost]
  "termsvc" = "swoko"
The trojan deletes the original file.
Other information
The trojan opens TCP port 8085. An HTTP proxy is listening there. The trojan can modify the downloaded data.
The trojan blocks access to any domains that contain any of the following strings in their name:

