Tuesday, 03 July 2012 23:14
Trojan Zefarch is also known as Hiloti.
It loads a malicious DLL file in the address space of explorer.exe and other legitimate windows processes. It does this so as to hide its presence.
It may also create a browser extension to Firefox as well as Internet Explorer.
This virus is known to recreate the exe file, if it is deleted. Other components of this virus do that. Therefore unless all the files of his virus are detected and removed, the infection remains active.
It has a keylogger program that can capture all user keystrokes (including username, password, credit card number, etc.)
It connects to malicious sites and downloads more harmful files.
It stops the Microsoft services
"ERSvc/ Error Reporting Service",
"wscsvc/ Security Center"
There is a good article on Symantec website that explains the other files created by this virus. You can read it on this link
|< Prev||Next >|