TROJ_DROPPR.SMAK
Windows 2000, Windows XP, Windows Server 2003
![](/vinfo/imgFiles/legend.jpg)
Threat Type: Trojan
Destructiveness: No
Encrypted: No
In the wild: Yes
OVERVIEW
This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.
It deletes registry entries, causing some applications and programs to not function properly.
It deletes itself after execution.
TECHNICAL DETAILS
Arrival Details
This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.
Other System Modifications
This Trojan deletes the following registry entries:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\
Services\Tcpip\Parameters
DhcpNameServer = "{IP address}"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\
Services\Tcpip\Parameters
DhcpDomain = "localdomain"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\
Services\Tcpip\Parameters\
Interfaces\{Network ID}
DhcpNameServer = "{IP address}"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\
Services\Tcpip\Parameters\
Interfaces\{Network ID}
DhcpDefaultGateway = "{hex value}"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\
Services\Tcpip\Parameters\
Interfaces\{Network ID}
DhcpDomain = "localdomain"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\
Services\Tcpip\Parameters\
Interfaces\{Network ID}
DhcpSubnetMaskOpt = "{hex value}"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\
Services\{Network ID}\Parameters\
Tcpip
DhcpDefaultGateway = "{hex value}"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\
Services\{Network ID}\Parameters\
Tcpip
DhcpSubnetMaskOpt = "{hex value}"
Other Details
This Trojan deletes itself after execution.