Recommendation to Automatically remove Trojan.DNSChanger

Spyware Detector can remove Trojan.DNSChanger, and thousands of other Spyware automatically and instantly. Click here to download Spyware Detector and scan for free.
Trojan.DNSChanger Technical Details
Category: Trojan
Discovered: 8/19/2006 1:15:00 PM
Modified: 1/22/2010 1:46:22 PM
Threat Level: Critical
Category Description

A destructive program that masquerades as a benign application. Unlike viruses, Trojan horses do not replicate themselves but they can be just as destructive. One of the most insidious types of Trojan horse is a program that claims to rid your computer of viruses but instead introduces viruses onto your computer.
Summary

The following HTTP URLs were started:
• yourcodec.com/download/yourcodec1110.exe
The following internet connection was established: N/A

The following Files were created:


The following Registry Entries were created:

..\Software\Microsoft\Windows\CurrentVersion\\"kdird.exe"
..\Software\Microsoft\Windows\CurrentVersion\\"kdfpd.exe"
..\Software\Microsoft\Windows\CurrentVersion\\"kdaac.exe"
..\Software\Microsoft\Windows\CurrentVersion\\"kdzic.exe"
..\Software\Microsoft\Windows NT\CurrentVersion\WINLOGON\"SHELL"\"EXPLORER.EXE "%ROOT%\INPUT\TROJAN.WIN32.DNSCHANGER.COE\D6C62229.EXE""
..\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\"Shell"\"Explorer.exe "%DAS.AU.LS%\Temp\4FF58803.EXE""
..\Software\Microsoft\Windows NT\CurrentVersion\WINLOGON\"SHELL"\"EXPLORER.EXE REGSVR.EXE"
..\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\"System"\"kdeju.exe"
..\Software\Microsoft\Windows\CurrentVersion\\"kdeju.exe"
..\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\"System"\"kdzac.exe"
..\Software\Microsoft\Windows\CurrentVersion\\"kdzac.exe"
..\Software\Microsoft\Windows\CurrentVersion\Run\\"%WIN.SYS32%\kdzac.exe"\"%WIN.SYS32%\kdzac.exe"
..\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\"System"\"kdknz.exe"
..\Software\Microsoft\Windows\CurrentVersion\\"kdknz.exe"
..\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\"System"\"kdeka.exe"
..\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\"System"\"kdycz.exe"
..\Software\Microsoft\Windows\CurrentVersion\\"kdycz.exe"
..\Software\Microsoft\Windows\CurrentVersion\\"dpid"
..\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\"System"\"kdhcn.exe"
..\Software\Microsoft\Windows\CurrentVersion\\"kdhcn.exe"
..\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\"System"\"kdksz.exe"
..\Software\Microsoft\Windows\CurrentVersion\\"kdksz.exe"
..\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\"System"\"kdrqu.exe"
..\Software\Microsoft\Windows\CurrentVersion\\"kdrqu.exe"
..\Software\Microsoft\Windows\CurrentVersion\\"dwpid"
