English
The Internet threat alert status is currently normal. At present, no major epidemics or other serious incidents have been recorded by Kaspersky Lab’s monitoring service. Internet threat level: 1

Trojan.Win32.Pasta.kri

Detected Apr 26 2010 20:02 GMT
Released Apr 27 2010 03:50 GMT

This is a description which has been automatically generated following analysis of this program on a test machine. This description may contain incomplete or inaccurate information.

Summary


Technical details

File size of 142848 bytes.


Installation

Makes copies of itself with the following names once launched:

  • Current user directory (usually, C:\Documents and Settings\) %UserDir%\Application Data\cssrs.exe


Malicious activity

Creates the following files:

  • Current user directory (usually, C:\Documents and Settings\) %UserDir%\Start Menu\Programs\Startup\cssrs.exe (­Kaspersky Anti-Virus detects as­ Trojan.Win32.Pasta.kri)

Ensures subsequent Using the system registry, system services or special system files, the program can launch itself or launch the creation of its files every time the Windows OS is subsequently booted autorun of installed files:

  • Current user directory (usually, C:\Documents and Settings\) %UserDir%\Start Menu\Programs\Startup\cssrs.exe (­Kaspersky Anti-Virus detects as­ Trojan.Win32.Pasta.kri)

Creates unique identifiers to flag its presence in the system

  • asdfoijq889aqewhqwe82nt
  • esdfsfweqjjjeewhqxfjknt


Other activities

Runs the following files (commands):

  • Current user directory (usually, C:\Documents and Settings\) %UserDir%\Application Data\cssrs.exe
  • Current user directory (usually, C:\Documents and Settings\) %UserDir%\Start Menu\Programs\Startup\cssrs.exe


Bookmark and Share
Share
Trojan

This type of behaviour covers malicious programs that delete, block, modify, or copy data, disrupt computer or network performance, but which cannot be classified under any of the behaviours identified above.

This classification also covers “multipurpose” Trojan programs, i.e. those that are capable of conducting several actions at once and which demonstrate several Trojan behaviours in a single program. This means they cannot be indisputably classified as having any single behaviour.


Aliases

Trojan.Win32.Pasta.kri (Kaspersky Lab) is also known as:

  • Trojan.Agent-270034 (ClamAV)
  • BC.Heuristic.Trojan.SusPacked.BF-6.B (ClamAV)
  • Trojan.Agent-270035 (ClamAV)
  • Trojan.Pasta-4 (ClamAV)
  • Trojan:Win32/Startpage.gen!A (MS(OneCare))
  • Trojan.Win32.Pasta (Ikarus)
  • W32/Obfuscated.H3!genr (Norman)
  • W32/Troj_Generic.AOHEC (Norman)
  • W32/Troj_Generic.BAXBL (Norman)
  • W32/Troj_Generic.AOFAS (Norman)
  • Trojan.StartPage.ZSB [Aquarius] (FSecure)
  • W32/Pasta.KRI!tr (Fortinet)