Backdoor.sdbot

(imported topic written by Ashwin.D91)

Hey guys,

I’m thinking of how to write a custom fixlet if I want to find the presence of this virus in a computer. There is no fixed filename that it uses or no fixed registry key.

If not, is there a fixlet that does it?

Thanks,

Ashwin

(imported comment written by BenKus)

Hey Ashwin,

We haven’t made a Fixlet for this ourselves… Do you know if there is any pattern to how it is installed?

Ben

(imported comment written by Ashwin.D91)

That is the problem.

The latest version of the trojan has a random name which is similar to a lot of Windows system files and it attaches itself to the Registry Key to run on startup. Now, since the file name is unknown, I don’t know what query can be used to check for the existence of the trojan. Which is why I asked.

Thanks,

Ashwin
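Added example, not part of the original thread and not BigFix code: since the file name is random but resembles Windows system files and is launched from a startup Run key, one detection approach is to flag Run values whose executable name is a near-miss of a genuine system file, or a genuine name in the wrong folder. The reference list, the similarity threshold and the sample Run values are all constructed assumptions; reading the live registry is left out so the logic runs offline.

```python
import ntpath
from difflib import SequenceMatcher

# Constructed, non-exhaustive reference list: genuine file name -> expected folder.
KNOWN = {
    "svchost.exe": r"c:\windows\system32",
    "lsass.exe": r"c:\windows\system32",
    "csrss.exe": r"c:\windows\system32",
    "winlogon.exe": r"c:\windows\system32",
    "services.exe": r"c:\windows\system32",
    "spoolsv.exe": r"c:\windows\system32",
    "explorer.exe": r"c:\windows",
}

def image_path(command):
    """Return the executable path from a Run value, dropping quotes and arguments."""
    command = command.strip()
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    end = command.lower().find(".exe")
    return command[:end + 4] if end != -1 else command.split(" ", 1)[0]

def classify(command, threshold=0.8):
    """Label one Run value: ok, wrong-dir:<name>, lookalike:<name> or unlisted."""
    folder, name = ntpath.split(image_path(command).lower())
    if name in KNOWN:
        return "ok" if folder == KNOWN[name] else "wrong-dir:" + name
    # Closest genuine name by similarity ratio (1.0 means identical).
    score, best = max((SequenceMatcher(None, name, k).ratio(), k) for k in KNOWN)
    return "lookalike:" + best if score >= threshold else "unlisted"

# Constructed sample of Run key values (value name -> data), not taken from the thread.
SAMPLE_RUN_VALUES = {
    "Shell": r"C:\Windows\explorer.exe",
    "Input": r"C:\Windows\System32\ctfmon.exe /n",
    "Updater": r'"C:\Windows\System32\svchosts.exe" -k',
    "Login": r"C:\Users\Public\lsass.exe",
}

def scan(run_values):
    """Return only the entries that deserve a closer look."""
    results = {n: classify(c) for n, c in run_values.items()}
    return {n: r for n, r in results.items() if r.startswith(("wrong-dir", "lookalike"))}

if __name__ == "__main__":
    for name, verdict in scan(SAMPLE_RUN_VALUES).items():
        print(name, verdict)
```

A hit is a lead for manual review rather than a verdict, and a random name that resembles nothing in the reference list will come back as "unlisted".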