TROJ_JPRELNS.A
Windows 2000, XP, Server 2003
Threat Type: Trojan
Destructiveness: No
Encrypted: No
In the wild: Yes
TECHNICAL DETAILS
57,344 bytes
EXE
Yes
20 Oct 2010
Installation
This Trojan drops the following copies of itself into the affected system and executes them:
- %User Profile%\Application Data\Common Files\iexplore.exe
(Note: %User Profile% is the current user's profile folder, which is usually C:\Windows\Profiles\{user name} on Windows 98 and ME, C:\WINNT\Profiles\{user name} on Windows NT, and C:\Documents and Settings\{user name} on Windows 2000, XP, and Server 2003.)
It drops the following files:
- %User Profile%\Application Data\Common Files\msupx.dll - non-malicious file
Autostart Technique
This Trojan adds the following registry entries to enable its automatic execution at every system startup:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
IMJAPMIG8.1 = "%User Profile%\Application Data\Common Files\iexplore.exe"
It drops the following file(s) in the Windows User Startup folder to enable its automatic execution at every system startup:
- iexplore.exe
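
A defender-side check for the two autostart points above, as an added example that is not part of the original write-up: it flags autostart commands whose image is named iexplore.exe but sits outside Internet Explorer's install directory. The sample entries, the user name alice, the IEHelper value, and the expected-directory list are constructed assumptions.

```python
import ntpath  # Windows path rules, usable on any OS for offline triage

# Assumption: default Internet Explorer install locations.
EXPECTED_DIRS = {
    "iexplore.exe": [
        r"c:\program files\internet explorer",
        r"c:\program files (x86)\internet explorer",
    ],
}

# Constructed sample: autostart source -> command line, as exported from a host.
SAMPLE_AUTOSTARTS = {
    "Run\\IMJAPMIG8.1": r'"C:\Documents and Settings\alice\Application Data\Common Files\iexplore.exe"',
    "Run\\ctfmon.exe": r"C:\WINDOWS\system32\ctfmon.exe",
    "Run\\IEHelper": r'"C:\Program Files\Internet Explorer\iexplore.exe" -nohome',
    "Startup folder": r"C:\Documents and Settings\alice\Start Menu\Programs\Startup\iexplore.exe",
}


def image_path(command):
    """Return the executable path from an autostart command line."""
    command = command.strip()
    if not command:
        return command
    if command.startswith('"'):
        # Quoted image path, possibly followed by arguments.
        end = command.find('"', 1)
        return command[1:end] if end != -1 else command[1:]
    # Unquoted: keep everything up to the first ".exe" so spaces in the path survive.
    idx = command.lower().find(".exe")
    return command[: idx + 4] if idx != -1 else command.split()[0]


def flag_masquerading(autostarts):
    """List (source, path) pairs where a known image name runs from an unexpected folder."""
    findings = []
    for source, command in autostarts.items():
        path = ntpath.normpath(image_path(command))
        image = ntpath.basename(path).lower()
        folder = ntpath.dirname(path).lower()
        expected = EXPECTED_DIRS.get(image)
        if expected is not None and folder not in expected:
            findings.append((source, path))
    return findings


if __name__ == "__main__":
    for source, path in flag_masquerading(SAMPLE_AUTOSTARTS):
        print(f"suspicious autostart: {source} -> {path}")
```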