Category: Viruses and Spyware
Troj/Pushu-Gen is a family of Trojans for the Windows platform.
When members of Troj/Pushu-Gen are installed, one of the following files is usually created:
These files may be registered as a new system driver service named, for example, "Restore", "Ip6Fw", "NetDetect" or "Secdrv". Registry entries are created under:
When members of Troj/Pushu-Gen are installed, the following file is also usually created:
runtime.sys is usually registered as a new system driver service named "Runtime". Registry entries are created under:
This application has been observed alongside the installation of CoreFlood.dr and CoreFlood.dll, during which a file named sstore2K.exe was observed being downloaded from mcupdate.net.
sstore2K.exe is an application used to export certificates from the Windows certificate store (assuming administrator privileges). It marks all the certificates as exportable and can store them in a file, which is later uploaded to its server. This application also attempts to acquire the private key for every certificate, which could possibly be used for impersonation.
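The indicators named in this description (the driver service names, runtime.sys, sstore2K.exe and mcupdate.net) can be correlated per host in endpoint telemetry. The following is an added example, not part of the original description: the event schema, host names, file paths and the `cdn.` subdomain are constructed, and treating a service name on its own as a weak signal is an assumption made because the description gives those names only as examples.

```python
import ntpath
from collections import defaultdict

# Indicators named in the description above.
SERVICE_NAMES = {"restore", "ip6fw", "netdetect", "secdrv", "runtime"}
DRIVER_FILE = "runtime.sys"
EXPORT_TOOL = "sstore2k.exe"
DOWNLOAD_DOMAIN = "mcupdate.net"

# Constructed sample events in a hypothetical normalized schema.
SAMPLE_EVENTS = [
    {"host": "ws-01", "type": "service_install", "service": "Runtime",
     "image": r"C:\constructed\path\runtime.sys"},
    {"host": "ws-01", "type": "dns", "query": "mcupdate.net"},
    {"host": "ws-01", "type": "process", "image": r"C:\constructed\path\sstore2K.exe"},
    {"host": "ws-02", "type": "service_install", "service": "Secdrv",
     "image": r"C:\constructed\path\secdrv.sys"},
    {"host": "ws-03", "type": "dns", "query": "notmcupdate.net"},
    {"host": "ws-03", "type": "dns", "query": "cdn.MCUPDATE.net."},
]

def indicators(event):
    """Return the set of indicator labels a single event matches."""
    hits = set()
    base = ntpath.basename(event.get("image", "")).lower()
    if event["type"] == "service_install":
        if event.get("service", "").lower() in SERVICE_NAMES:
            hits.add("service-name")
        if base == DRIVER_FILE:
            hits.add("runtime.sys")
    elif event["type"] == "process" and base == EXPORT_TOOL:
        hits.add("sstore2K.exe")
    elif event["type"] == "dns":
        name = event.get("query", "").lower().rstrip(".")
        # Match the domain or a subdomain (assumption), not a lookalike suffix.
        if name == DOWNLOAD_DOMAIN or name.endswith("." + DOWNLOAD_DOMAIN):
            hits.add("mcupdate.net")
    return hits

def triage(events):
    """Group hits per host; a service name with nothing else is only 'review'."""
    per_host = defaultdict(set)
    for ev in events:
        per_host[ev["host"]] |= indicators(ev)
    return {host: ("investigate" if hits - {"service-name"} else "review", sorted(hits))
            for host, hits in per_host.items() if hits}
```
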