ACM_KENILFE.B
Platform: Windows 2000, Windows XP, Windows Server 2003
Threat Type: Trojan
Destructiveness: No
Encrypted: Yes
In the wild: Yes
OVERVIEW
This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.
It modifies files, preventing programs and applications from running properly.
TECHNICAL DETAILS
File Size: 21,513 bytes
File Type: Other
Memory Resident: No
Initial Samples Received Date: 22 Oct 2011
Arrival Details
This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.
Installation
This Trojan drops the following copies of itself into the affected system:
- {Autocad installation folder}\acad.fas
- {Autocad fonts folder}\txtautoz.shx
It creates the following folders:
- C:\Bakdirectory
Other System Modifications
This Trojan modifies the following files:
- acad.mnl
NOTES:
It stores configuration information in the following registry locations:
- HKEY_CURRENT_USER\Software\fileken\settings
- HKEY_CURRENT_USER\Software\KenFiles\settings
It sends a PING command to the following sites:
- {BLOCKED}36.100.100
- {BLOCKED}jxx.2288.org
It checks whether the following files are present on the system and deletes any that are found:
- arxfucker.dll
- acad.sys
- acadsmu.fas
- acadapq.lsp
- acadappp.lsp
- acadapp.lsp
- dwgrun.bat
- winfas.ini
- acadiso.lsp
- acad.fas
- isomianyi.shx
- acad.fas1
- lcm.fas
- isohztxt.shx