Logo_Malware
Fynloski is a trojan usually installs without your knowledge vith the download of freeware. In fact some sites use the method of repackaging. This is an operation that is to redo the module software installation by adding download options. These options allow to add other software as for example toolbars browser, or potentially unwanted software. The addition of these new programs can decrease the performance of the system but also slow or redirect internet surfing.
Identified : 08/22/2013.

0_Features

– It belongs to a family of Trojan.
– A polluteware is a software that pollutes storage and/or the Base of registers.
– Vendor : PUP.Optional

0_Main_Actions

– It installs as a process launched at startup of the system (RP),
– It settled in the Base of registers to be launched each time with the system (O4).
– It creates to many registry keys ‘Software’
– It creates additional folders (O43),
– It moved to the Windows prefetcher folder (O45).
– It creates a registry StartupReg key (O53),
– It creates multiple files users (O61),

0_Zhpdiag

[HKLM\SOFTWARE\Microsoft\Security Center] AntiVirusDisableNotify: Modified[HKLM\SOFTWARE\Microsoft\Security Center] FirewallDisableNotify: Modified[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] Shell: Modified
O4 – HKCU\..\Run: [winupdater] . (.Microsoft Corporation – Visual Basic Command Line Compiler.) — C:\Windupdt\winupdate.exe
O4 – HKCU\..\Run: [Winupdater] . (.Microsoft Corporation – Visual Basic Command Line Compiler.) — C:\Users\Coolman\AppData\Roaming\WinUpdater\sife.exe
O4 – HKCU\..\Run: [winupdater] . (.Beepa Pty Ltd.) — C:\Windows\SysWOW64\Windupdt\winupdate.exe
O4 – HKLM\..\Run: [msnmsg] . (.Beepa Pty Ltd.) — C:\Windows\SysWOW64\Windupdt\winupdate.exe
HKCU\Software\DC3_FEXEC
O43 – CFD: 07/10/2012 – 17:28:35 – [1,116] —-D C:\Users\Coolman\AppData\Roaming\WinUpdater
O53 – SMSR:HKLM\…\startupreg\winupdater [Key] . (.Beepa Pty Ltd.) — C:\Windupdt\winupdate.exe
O61 – LFC:Last File Created 07/10/2012 – 17:26:36 —A- C:\Users\baptiste\AppData\Roaming\WinUpdater\ainfaezf [774] [HKCU\Software\Microsoft\Windows\CurrentVersion\Run]:winupdater[HKCU\Software\Microsoft\Windows\CurrentVersion\Run]:MicroUpdate[HKCU\Software\DC3_FEXEC] C:\Users\Coolman\AppData\Roaming\WinUpdater
C:\Users\Coolman\AppData\Roaming\WinUpdate.exe
C:\Program Files\Windupdt
C:\Windows\system32\Windupdt
C:\Program Files\Windupdt\winup.exe
C:\Windupdt\winupdate.exe

0_Alias

TROJ_SCAR.RJ [Trend Micro] Malware.Trace [MBAM] Malware.Generic [MBAM] Backdoor:Win32/Fynloski.A [Microsoft] Trojan.Win32.Spy [Ikarus] Backdoor.Krademok
Backdoor.Win32.Curioso
Backdoor.Fynloski
Trojan.Win32.Cdur

Remove_Software

– Remove software in Windows Configuration Panel,
0_ZHPcleaner
Remove with ZHPcleaner
ZHPCleaner_EN2
0_Zhpdiag
Diagnose with ZHPDiag
ZHPDiag_2-300x220

2016-12-30T07:34:19+00:00 Categories: Polluteware, Trojan|Tags: , |Comments Off on Trojan.Fynloski