Raila Odinga virus
Malware - Viruses

This particular threat is reported to be a kind of adware, similar to Adware.Loadscc, an adware program that generates funds for malware authors by contacting a service provider to confirm the successful installation of other malware. Alias: W32.Voterai [Symantec]

The major indicators of infection are as follows:

C:\Documents and Settings\[UserName]\Desktop\Raila Odinga.gif
C:\Windows\Temp\New Folder (2)\Raila Odinga.exe
C:\Windows\Temp\New Folder (2)\smss.exe
C:\Windows\System32\drivers\Raila Odinga.exe
C:\Windows\System32\drivers\smss.exe

C:\Windows\Temp\New Folder (2)\Raila Odinga.exe
C:\Windows\Temp\New Folder (2)\smss.exe 
C:\Windows\Temp\nskA.tmp\System.dll
C:\Windows\Temp\nst4.tmp\System.dll
C:\Windows\Temp\nst8.tmp\System.dll
C:\Windows\Temp\nsy2.tmp\System.dll
C:\Windows\Temp\nsy6.tmp\System.dll

C:\Documents and Settings\[UserName]\Start Menu\Programs\Startup\Raila Odinga.lnk
C:\Documents and Settings\[UserName]\Start Menu\Programs\Startup\smss.lnk

C:\Windows\wininit.ini

Processes found in the Task Manager:
Raila Odinga.exe (located in Temp folder and drivers folder)
smss.exe (located in Temp folder and drivers folder)

Added registry value

  • [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    • (Default) = "%System%\drivers\raila odinga"
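The indicators above can be turned into a simple triage check. The following is an added example, not part of the ThreatExpert report: it flags the listed file names, any smss.exe whose folder is not System32 (the genuine Windows Session Manager runs only from there), and the Run value shown above. The function names, the sample inventory and the C:\Windows install path are assumptions made for the illustration.

```python
import ntpath

# Indicators taken from the list above, lower-cased for comparison.
DROPPED_NAMES = {"raila odinga.exe", "raila odinga.gif",
                 "raila odinga.lnk", "smss.lnk"}
RUN_KEY = r"hkey_current_user\software\microsoft\windows\currentversion\run"
RUN_VALUE_MARKER = r"drivers\raila odinga"
# Assumption: Windows is installed in C:\Windows, as in the paths above.
REAL_SMSS_DIR = r"c:\windows\system32"


def check_path(path):
    """Return a reason string if a file or process image path matches, else None."""
    norm = ntpath.normpath(path).lower()
    folder, name = ntpath.split(norm)
    if name in DROPPED_NAMES:
        return "file name from the indicator list"
    if name == "smss.exe" and folder != REAL_SMSS_DIR:
        return "smss.exe outside System32 (masquerading)"
    return None


def check_run_value(key, data):
    """Flag the Run-key autostart value described above."""
    return key.lower() == RUN_KEY and RUN_VALUE_MARKER in data.lower()


def triage(paths, run_values):
    """Collect (item, reason) pairs for everything that matches."""
    hits = [(p, r) for p in paths if (r := check_path(p))]
    hits += [(f"{k} = {d}", "Run value points at drivers\\raila odinga")
             for k, d in run_values if check_run_value(k, d)]
    return hits


# Constructed sample inventory (not taken from a real host).
SAMPLE_PATHS = [
    r"C:\Windows\System32\smss.exe",
    r"C:\Windows\System32\drivers\smss.exe",
    r"C:\Windows\Temp\New Folder (2)\Raila Odinga.exe",
    r"C:\Windows\System32\notepad.exe",
]
SAMPLE_RUN = [(r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run",
               r"C:\Windows\System32\drivers\raila odinga")]

if __name__ == "__main__":
    for item, reason in triage(SAMPLE_PATHS, SAMPLE_RUN):
        print(f"{reason}: {item}")
```

Feed it a file listing or process image paths exported from the suspect machine; the legitimate System32 copy of smss.exe is deliberately not reported.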

You can see the ThreatExpert report on this link.

(Reprinted with permission from ThreatExpert)
