Thank you for being a valued part of the CNET community. As of December 1, 2020, the forums are in read-only format. In early 2021, CNET Forums will no longer be available. We are grateful for the participation and advice you have provided to one another over the years.

Thanks,

CNET Support

General discussion

Troj/Dasmin-E

Feb 27, 2004 12:22AM PST

Aliases
Trojan.Win32.Dasmin.b, AdClicker-H, TROJ_DASMIN.E

Type
Trojan

Description
Troj/Dasmin-E is a backdoor Trojan that also may change Internet Explorer startup and search pages.
When executed Troj/Dasmin-E copies itself to the Windows System folder with the filenames REGCPM32.EXE and WINUPD.EXE, SCVHOST.EXE or IEXPRES.EXE and sets the following registry entries with the path to the REGCPM32.EXE:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\RegCompres
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices\RegCompres

Troj/Dasmin-E sets the following entries with the path to the second copy:

HKLM\Software\Microsoft\Windows\CurrentVersion\
Run\MSStartOptimizer

HKLM\Software\Microsoft\Windows\CurrentVersion\
RunServices\MSStartOptimizer

Running in the background Troj/Dasmin-E periodically recreates the copies and registry entries.

Troj/Dasmin-E notifies the intruder about successful infections.

http://www.sophos.com/virusinfo/analyses/trojdasmine.html

Discussion is locked