Last Post by PhilliePhan
0

Does anybody know something about it??? Write me here please!

0

Does anybody know something about it??? Write me here please!

Google it - see what the AV sites have to say about it.

Are you infected with it? If so, let us know and we can advise you further.

PP :)

0

No, I must do my work. It is a home-task)) Google can't help me. I find there only tables with the viruses((

0

No, I must do my work. It is a home-task)

I do not know what that means.

If you need a sample of that particular malware, I can't help you.

Troj/Cosmu-A is a Trojan for the Windows platform.

Troj/Cosmu-A communicates via HTTP with the following locations:

kaderap . com


When Troj/Cosmu-A is installed the following files are created:

<User>\Local Settings\Application Data\Microsoft\mqtgsvc.exe
<System>\drivers\cisvc.exe
<System>\drivers\cmstp.exe
<Temp>\cisvc.exe

The following registry entries are created to run cisvc.exe and cmstp.exe on startup:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run
CmSTP
<System>\drivers\cmstp.exe /waitservice

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
Cisvc
<Temp>\cisvc.exe /waitservice

HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows
load
<System>\drivers\cisvc.exe

The following registry entry is set:

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
MqtgSVC
<Root>\DOCUME~1\support\LOCALS~1\APPLIC~1\MICROS~1\mqtgsvc.exe /waitservice
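The autorun entries listed in the post above can be checked against text saved from `reg query`. The following is an added example, not part of the original thread or of any vendor tool: the function names, the constructed sample output and its drive letters are assumptions, and the match deliberately ignores the hive so the same value under HKLM or HKCU is reported.

```python
import ntpath
import re

RUN = r"software\microsoft\windows\currentversion\policies\explorer\run"
WINLOAD = r"software\microsoft\windows nt\currentversion\windows"
# (subkey, value name, executable basename), lower-cased, taken from the write-up above.
INDICATORS = {
    (RUN, "cmstp", "cmstp.exe"),
    (RUN, "cisvc", "cisvc.exe"),
    (RUN, "mqtgsvc", "mqtgsvc.exe"),
    (WINLOAD, "load", "cisvc.exe"),
}
# A value line in `reg query` output: indent, name, REG_* type, data.
VALUE_LINE = re.compile(r"^\s+(.+?)\s+(REG_[A-Z_]+)\s*(.*)$")

def parse_reg_query(text):
    """Yield (key, value_name, data) tuples from `reg query` text output."""
    key = None
    for line in text.splitlines():
        if line.startswith("HKEY_"):
            key = line.strip()
        elif key and (m := VALUE_LINE.match(line)):
            yield key, m.group(1), m.group(3).strip()

def exe_basename(data):
    """Lower-cased file name of the command's executable (quoted or unquoted)."""
    data = data.strip()
    if data.startswith('"'):
        path = data[1:].split('"', 1)[0]
    else:
        # Unquoted: cut at the first " /switch" so spaces in the path survive.
        path = re.split(r"\s+/", data, maxsplit=1)[0]
    return ntpath.basename(path).lower()

def find_cosmu_autoruns(text):
    """Return the registry values that match the listed autorun indicators."""
    hits = []
    for key, name, data in parse_reg_query(text):
        subkey = key.split("\\", 1)[-1].lower()  # drop the hive name
        if (subkey, name.lower(), exe_basename(data)) in INDICATORS:
            hits.append((key, name, data))
    return hits

# Constructed sample output; the "Device" value is a benign entry added for contrast.
SAMPLE = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run
    CmSTP    REG_SZ    C:\WINDOWS\system32\drivers\cmstp.exe /waitservice

HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows
    load    REG_SZ    C:\WINDOWS\system32\drivers\cisvc.exe
    Device    REG_SZ    Example Printer,winspool,Ne00:
"""
```

Matching on key, value name and executable name together keeps the check tied to the entries in the description rather than to a file name alone.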
