ABox

Category: Trojan Downloader

Risk: High Risk

* High-risk threats are typically remotely exploitable vulnerabilities that can lead to system compromise. Successful exploitation does not normally require any interaction. May open up communication ports, use polymorphic tactics, stealth installations, and/or anti-spy countermeasures. May use a security flaw in the operating system to gain access to your computer.

Description: ABox is an adult-related adware component that uses trojan techniques to install itself. ABox is equipped with a trojan downloader that retrieves files from a remote FTP server. ABox's controlling server is located at http://207.234.185.217. ABox installs an application into the Windows system tray (abox.exe) that is loaded from the startup registry. This application displays links to adult-related content from http://www.fast-loto.com. ABox is associated with http://www.voicekampala.com, Voice Ltd., based out of Uganda. The Thawte code signing cert for the ABox installer was issued to Voice Ltd. "Voice's mission is producing interactive crossmedia applications that fulfil the vision of a multichannel, multidevice future. We want to help our clients build compelling e-commerce, content and community services that can be used by anyone, anywhere and at any time, using any Internet device including PCs, mobile phones, PDAs, digital TV platforms or any other gadget connected to the Net. We strive to build interesting destinations that empower people to interact with one another and build communities."

Alias: None

Signatures:
process: logon.exe: MD5 Hash: 54aa6971dfe66c6e684
process: abox.exe: MD5 Hash:
process: aboxinst_int2.exe: MD5 Hash: 8e8f6252fe26d05d237
process: abox.exe: MD5 Hash: 9d12f918a1c6d342aea
process: leisureboxinst_ppi1a.exe: MD5 Hash: 87ebec9c07ebea7ccc8
process: pi1_51.exe: MD5 Hash: 2d93b854d57c2b2061e
process: leisureboxinst_ppi1.exe: MD5 Hash: beecc7c04565d9b430d
process: pi1_51.exe: MD5 Hash: c4503b432c8009833e5..

Remove ABox

Removing ABox manually is not a recommended action for those who are not familiar with modifying their computer registry. For those who feel confident, you can try the following removal instructions:
  • Locate the following registry keys and delete them:
    1. HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ABox = "C:\\WINDOWS\\ABox.exe"
    2. HKLM\Software\Microsoft\Windows\CurrentVersion\Run\WinLogon = "C:\\WINDOWS\\logon.exe"
  • Reboot your computer
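
The same check as a script, added here as an example and not part of the original definition: it reports whether the two Run entries listed above are present and deletes one only when its data also matches the path given on this page. The `-Remove` switch and the script layout are assumptions of this example; run it from an elevated PowerShell prompt, with `-Remove -WhatIf` first to preview.

```powershell
# Added example: audits the two Run entries listed above; deletes only with -Remove.
[CmdletBinding(SupportsShouldProcess)]
param([switch]$Remove)   # hypothetical switch introduced for this example

$runKey = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run'

# Value name -> expected data, taken from the removal steps on this page.
$indicators = @{
    'ABox'     = 'C:\WINDOWS\ABox.exe'
    'WinLogon' = 'C:\WINDOWS\logon.exe'
}

$run = Get-ItemProperty -Path $runKey -ErrorAction Stop

$findings = foreach ($name in $indicators.Keys) {
    $data = $run.$name
    if ($null -eq $data) { continue }   # value not present under Run
    # Strip surrounding quotes; -ieq compares case-insensitively, like Windows paths.
    $clean = ([string]$data).Trim('"', ' ')
    [pscustomobject]@{
        Name       = $name
        Data       = $data
        Matches    = ($clean -ieq $indicators[$name])
        FileExists = (Test-Path -LiteralPath $clean -PathType Leaf)
    }
}

if (-not $findings) { Write-Output 'No ABox Run entries found.'; return }
$findings | Format-Table -AutoSize

if ($Remove) {
    # A value that shares a name but points elsewhere is reported, never deleted.
    foreach ($f in $findings | Where-Object Matches) {
        if ($PSCmdlet.ShouldProcess("$runKey\$($f.Name)", 'Remove Run value')) {
            Remove-ItemProperty -Path $runKey -Name $f.Name
        }
    }
    Write-Output 'Reboot to complete removal, as in the steps above.'
}
```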

Updated: 02/13/2006
Copyright @2006 THR Computer Solutions: ABox