Member Avatar for Alex91

Please, help me!! I need take information about a virus Trojan.Win32.Cosmu.

  • 2 Contributors
  • 4 Replies
  • 160 Views
  • 6 Hours Discussion Span
  • Latest Post Latest Post by PhilliePhan

Recommended Answers

All 4 Replies

Member Avatar for Alex91

Does anybody know smth about it??? Wright me here please!

Member Avatar for PhilliePhan

Does anybody know smth about it??? Wright me here please!

Google it - see what the AV sites have to say about it.

Are you infected with it? If so, let us know and we can advise you further.

PP :)

Member Avatar for Alex91

No, I must do my work. It is a home-task)) Google cant help me. I find there only tables with the viruses((

Member Avatar for PhilliePhan

No, I must do my work. It is a home-task)

I do not know what that means.

If you need a sample of that particular malware, I can't help you.

Troj/Cosmu-A is a Trojan for the Windows platform.

Troj/Cosmu-A communicates via HTTP with the following locations:

kaderap . com


When Troj/Cosmu-A is installed the following files are created:

<User>\Local Settings\Application Data\Microsoft\mqtgsvc.exe
<System>\drivers\cisvc.exe
<System>\drivers\cmstp.exe
<Temp>\cisvc.exe

The following registry entries are created to run cisvc.exe and cmstp.exe on startup:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run
CmSTP
<System>\drivers\cmstp.exe /waitservice

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
Cisvc
<Temp>\cisvc.exe /waitservice

HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows
load
<System>\drivers\cisvc.exe

The following registry entry is set:

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
MqtgSVC
<Root>\DOCUME~1\support\LOCALS~1\APPLIC~1\MICROS~1\mqtgsvc.exe /waitservice

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.