|Detected||Sep 08 2011 13:33 GMT|
|Released||Jun 25 2012 19:17 GMT|
|Published||Sep 08 2011 13:33 GMT|
A trojan program that carries out destructive actions on the user's computer. It is a Visual Basic Script file. 803 bytes.
After launching, the trojan changes the value of the system registry key as follows:
[HKCU\Software\Microsoft\Internet Explorer\Main] "Start Page" = "www.5***iling.com" "Search Page" = "www.5***ling.com" "default_page_url" = "www.5***ling.com" [HKLM\Software\Microsoft\Windows\CurrentVersion\Run] "safe360" = "%ProgramFiles%\Common Files\sebsbvx\coiome.exeThis changes the default home page and search page on the Internet Explorer browser. It also automatically launches a file named "coiome.exe" every time the system is started up.
If your computer has not been protected with anti-virus software and has been infected with malware, you will need to take the following actions to delete this:
[HKCU\Software\Microsoft\Internet Explorer\Main] "Start Page" "Search Page" "default_page_url"
[HKLM\Software\Microsoft\Windows\CurrentVersion\Run] "safe360" = "%ProgramFiles%\Common Files\sebsbvx\coiome.exe
%Temporary Internet Files%
This type of behaviour covers malicious programs that delete, block, modify, or copy data, disrupt computer or network performance, but which cannot be classified under any of the behaviours identified above.
This classification also covers “multipurpose” Trojan programs, i.e. those that are capable of conducting several actions at once and which demonstrate several Trojan behaviours in a single program. This means they cannot be indisputably classified as having any single behaviour.