Thank you for being a valued part of the CNET community. As of December 1, 2020, the forums are in read-only format. In early 2021, CNET Forums will no longer be available. We are grateful for the participation and advice you have provided to one another over the years.

Thanks,

CNET Support

General discussion

Troj/Multidr-K

Feb 26, 2004 12:22AM PST

Aliases
I-Worm.Wozer.c, MultiDropper-BU

Type
Trojan

Description
Troj/Multidr-K is a Trojan which will copy itself into the Windows System folder using a randomly generated numerical filename e.g. 25253.EXE and also drop a small batch file into the same folder which will delete the Trojan and itself upon execution.
This Trojan will set the following registry entry:

HKLM\Software\Microsoft\Denial\

Troj/Multidr-K will also change a value in the C:\<Windows>\SYSTEM.INI file so that the Trojan is executed upon startup:

section : boot
parameter: shell
value : EXPLORER.EXE C:\<Windows System>\25253.EXE

http://www.sophos.com/virusinfo/analyses/trojmultidrk.html

Discussion is locked