Amongst other things this Trojan disables IE's Protected Mode even with Standard User account and UAC enabled with Windows 7.
It has a valid digital signature from WoSign.
To disable the Protected Mode it writes the following to the registry:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"TabProcGrowth"=dword:00000000
Info: "Setting TabProcGrowth to a value of zero disables Protected Mode for IE Security Zones."
http://www.ie8blog.com/2009/09/22/setti ... ity-zones/
VT: http://www.virustotal.com/file-scan/rep ... 1292583106
pw: infected
Cheers
It has a valid digital signature from WoSign.
To disable the Protected Mode it writes the following to the registry:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"TabProcGrowth"=dword:00000000
Info: "Setting TabProcGrowth to a value of zero disables Protected Mode for IE Security Zones."
http://www.ie8blog.com/2009/09/22/setti ... ity-zones/
VT: http://www.virustotal.com/file-scan/rep ... 1292583106
pw: infected
Cheers
Attachments
(61.34 KiB) Downloaded 56 times