Win32/AHK [Threat Name] go to Threat

Win32/AHK.A [Threat Variant Name]

Category trojan,worm
Size 203240 B
Detection created Dec 22, 2007
Detection database version 2742
Aliases Backdoor.Trojan (Symantec)
Short description

Win32/AHK.A is a trojan that terminates specific applications. The file is run-time compressed using UPX .

Installation

When executed, the trojan copies itself into the following location:

  • c:\­windows\­syshost.exe

In order to be executed on every system start, the trojan sets the following Registry entry:

  • [HKEY_CURRENT_USER\­Software\­Microsoft\­Windows\­CurrentVersion\­Run]
    • "winlogon" = "c:\­windows\­syshost.exe"
Other information

The trojan terminates any program that creates a window containing any of the following strings in its name:

  • gmail
  • hotmail
  • rediff
  • yahoo

Please enable Javascript to ensure correct displaying of this content and refresh this page.