Krepper
Category: Trojan Downloader
Risk:
Severe Risk
* Severe threats are typically remotely exploitable vulnerabilities that can lead to system compromise. Successful exploitation does not normally require any interaction, and exploits are in the wild. There is a high possibility of system damage or a security flaw. The attacker has complete control over your computer or can install new software on your machine.
Description: Krepper is a trojan that modifies web browsing to display advertising and downloads additional threats. It adds an autorun value to the registry to make sure it runs on startup: HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ xp_system = c:\windows\inetper\services.exe. The xp_system registry value ties this entry to Krepper.
Alias: wootbot
Signatures:
Copyright @2006 THR Computer Solutions: Krepper