Type
Trojan
Description
Troj/Regldr-A is a simple Trojan that copies itself to the windows folder as the file Reg32.exe and sets the following registry entry so that it will be executed on system restart:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Reg32
= C:\Windows\Reg32.exe
Troj/Regldr-A will also set the registry entries listed below to point to the page secure.html located in the default Windows folder. This HTML page claims that the system has been compromised by spyware and prompts the user to visit the URL http://www.privacyoutpost.com/enter.html?wm=dkvage.
HKCU\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
HKCU\Software\Microsoft\Internet Explorer\Main\Local Page
HKCU\Software\Microsoft\Internet Explorer\Main\Start Page
HKLM\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
HKLM\Software\Microdoft\Internet Explorer\Main\Local Page
HKLM\Software\Microsoft\Internet explorer\Main\Start Page
http://www.sophos.com/virusinfo/analyses/trojregldra.html
 | Thank you for being a valued part of the CNET community. As of December 1, 2020, the forums are in read-only format. In early 2021, CNET Forums will no longer be available. We are grateful for the participation and advice you have provided to one another over the years. Thanks, CNET Support |
General discussion
Troj/Regldr-A
Discussion is locked
CNET Forums
Operating Systems
Software
Electronics & Gadgets
Hardware
Tablets & Mobile Devices
General Help
Roadshow Autos
Chowhound
Comic Vine
GameFAQs
GameSpot
Giant Bomb
TechRepublic