Zefarch

Virus - Analysis

Trojan Zefarch is also known as Hiloti.

It loads a malicious DLL file into the address space of explorer.exe and other legitimate Windows processes; it does this to hide its presence.

It may also install a browser extension in Firefox as well as Internet Explorer.

This virus is known to recreate its exe file if it is deleted; other components of the virus do that. Therefore, unless all the files of this virus are detected and removed, the infection remains active.

It has a keylogger component that can capture all user keystrokes (including usernames, passwords, credit card numbers, etc.).

It connects to malicious sites and downloads further harmful files.

It stops the following Microsoft services:
"ERSvc / Error Reporting Service"
"wscsvc / Security Center"
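The two behaviours above (a DLL loaded into explorer.exe and the stopped ERSvc/wscsvc services) both leave traces an administrator can check for. The following PowerShell script is an added example written for this page, not code from the original article or from any vendor's tooling. The service names ERSvc and wscsvc come from the text; the "unexpected module" heuristic (a module outside the Windows directory or without a valid Authenticode signature) is an assumption of this example, not an indicator from the page, and it will flag some legitimate third-party shell extensions that need manual triage.

```powershell
# Added example (not part of the original page): defender-side checks for two of the
# behaviours described in the text. Run in an elevated PowerShell session on the
# host being examined.

function Test-ProtectiveServices {
    # The page says the trojan stops ERSvc (Error Reporting) and wscsvc (Security
    # Center). Report each service's current state and start mode so a stopped or
    # disabled service stands out. On Windows versions where ERSvc no longer
    # exists, the lookup returns nothing and the service is reported as NotInstalled.
    $names = @('ERSvc', 'wscsvc')   # service names taken from the page
    foreach ($name in $names) {
        $svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='$name'" -ErrorAction SilentlyContinue
        if ($null -eq $svc) {
            [PSCustomObject]@{ Service = $name; State = 'NotInstalled'; StartMode = $null; Suspicious = $false }
            continue
        }
        [PSCustomObject]@{
            Service    = $svc.Name
            State      = $svc.State
            StartMode  = $svc.StartMode
            # A protective service that is not running, or has been set to
            # Disabled, matches the behaviour the page describes.
            Suspicious = ($svc.State -ne 'Running' -or $svc.StartMode -eq 'Disabled')
        }
    }
}

function Get-UnexpectedExplorerModules {
    # The page says the malicious DLL is loaded into explorer.exe. Enumerate every
    # module in each explorer.exe process and flag those that live outside the
    # Windows directory or fail Authenticode validation. This heuristic is an
    # assumption of the example; legitimate shell extensions can trip it too.
    $windowsDir = $env:SystemRoot
    Get-Process -Name explorer -ErrorAction SilentlyContinue | ForEach-Object {
        $proc = $_
        foreach ($m in $proc.Modules) {
            $path = $m.FileName
            $outside = -not $path.StartsWith($windowsDir, [System.StringComparison]::OrdinalIgnoreCase)
            $sig = Get-AuthenticodeSignature -FilePath $path -ErrorAction SilentlyContinue
            $status = if ($null -ne $sig) { $sig.Status.ToString() } else { 'Unknown' }
            $unsigned = ($status -ne 'Valid')
            if ($outside -or $unsigned) {
                [PSCustomObject]@{
                    PID       = $proc.Id
                    Module    = $path
                    OutsideOS = $outside
                    SigStatus = $status
                }
            }
        }
    }
}

Test-ProtectiveServices        | Format-Table -AutoSize
Get-UnexpectedExplorerModules  | Format-Table -AutoSize
```

Run the script as an administrator so that module enumeration for explorer.exe succeeds; a 32-bit PowerShell host cannot read the module list of a 64-bit explorer.exe, so use the native-bitness shell. Any flagged module should be compared against a known-good baseline from a clean machine before it is treated as the trojan's DLL.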

There is a good article on the Symantec website that explains the other files created by this virus. You can read it at this link.
