DivX Updater
Category: Trojan
Risk: Severe
* Severe threats are typically remotely exploitable vulnerabilities that can lead to system compromise. Successful exploitation does not normally require any user interaction, and exploits are in the wild. There is a high probability of system damage or a security flaw. The attacker can gain complete control over your computer or install new software on your machine.
Description: Classifications of DivX Updater vary from a browser hijacker to a spam relay with backdoor capabilities. DivX Updater is a backdoor Trojan that runs in the background as a service process and allows unauthorised remote access to the computer over a network. The Trojan attempts to copy itself to the Windows system folder as DIVX.EXE and creates the following entry in the registry so that it runs again on system restart: HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ Troj/Muly-A opens a random port (the default is 6000) and listens for commands, which it retrieves via a CGI script on a website. The Trojan also sends information about the victim's computer to the remote website. DivX Updater may attempt to update itself periodically via the remote website.
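The persistence and listener behaviour described above can be checked on a Windows host with the following script. It is an added example and is not part of the THR Computer Solutions entry; the Run key path, the DIVX.EXE file name in the system folder, and the default port 6000 are taken from the description, while the value name under the Run key is not given on this page, so the script inspects every value under that key. The MD5 values listed under Signatures are truncated here, so the script reports the hash of any file it finds for comparison against a full signature rather than matching it itself.

```powershell
# Added defensive check for the DivX Updater / Troj/Muly-A indicators described
# on this page; not part of the original entry. Assumptions: the Run key, the
# DIVX.EXE file name in the system folder and the default port 6000 come from
# the description; the Run value name is unknown, so every value is inspected.
$runKey      = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run'
$sysDir      = [Environment]::GetFolderPath('System')   # e.g. C:\Windows\System32
$suspectFile = Join-Path $sysDir 'divx.exe'
$findings    = @()

# 1. Persistence: any Run value whose command line references divx.exe
$props = Get-ItemProperty -Path $runKey -ErrorAction SilentlyContinue
if ($props) {
    foreach ($p in $props.PSObject.Properties) {
        if ($p.Name -like 'PS*') { continue }   # skip PowerShell's own PSPath/PSParentPath metadata
        if ("$($p.Value)" -match '(?i)divx\.exe') {
            $findings += "Run value '$($p.Name)' = $($p.Value)"
        }
    }
}

# 2. Dropped file in the system folder; hash reported for comparison with a full signature
if (Test-Path $suspectFile) {
    $hash = (Get-FileHash -Path $suspectFile -Algorithm MD5).Hash
    $findings += "File present: $suspectFile (MD5 $hash)"
}

# 3. Listener on the default port. The port is chosen at random, so a clean
#    result here does not rule the Trojan out; a hit is worth investigating.
$listeners = Get-NetTCPConnection -State Listen -LocalPort 6000 -ErrorAction SilentlyContinue
foreach ($l in $listeners) {
    $proc = Get-Process -Id $l.OwningProcess -ErrorAction SilentlyContinue
    $findings += "TCP 6000 listening, owning PID $($l.OwningProcess) ($($proc.ProcessName))"
}

if ($findings.Count -eq 0) { 'No DivX Updater / Troj/Muly-A indicators found.' }
else { $findings }
```

Run it from an elevated PowerShell prompt so that the Run key, the system folder and the owning process of the listener are all readable; Get-NetTCPConnection requires the NetTCPIP module shipped with Windows 8 / Server 2012 and later.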
Alias: Troj/Muly-A
Signatures:
process: commx.exe: MD5 Hash: 6e2fe30b0f10388e96d
process: divx.exe: MD5 Hash: 0041b8317f7624adad0
process: divx.exe: MD5 Hash: bcfc0e6e854673a695c
process: main.exe: MD5 Hash: 4406ab85190b9490cce
process: pc32.exe: MD5 Hash: eccb1a485dadc8238d1
process: sys.exe: MD5 Hash: 63c42a0c4a22f833b8c
process: DivX.Exe: MD5 Hash:
Copyright @2006 THR Computer Solutions: DivX Updater