Win32/Barkiofork [Threat Name] go to Threat

Win32/Barkiofork.A [Threat Variant Name]

Category trojan
Size 56208 B
Detection created Sep 27, 2011
Detection database version 6498
Aliases Trojan-Spy.Win32.Agent.buga (Kaspersky)
  Trojan:Win32/Barkiofork.A (Microsoft)
Short description

Win32/Barkiofork.A is a trojan which tries to download other malware from the Internet.

Installation

When executed, the trojan creates the following files:

  • %systemroot%\­ntshrui.dll (47616 B)

The following Registry entry is set:

  • [HKEY_CURRENT_USER\­Software\­Microsoft\­Windows\­CurrentVersion\­Explorer]
    • "DesktopProcess" = 1

The trojan may create the following files:

  • %systemdrive%\­adobeup.exe

The trojan sets the following environment variables:

  • %SystemRoot% = %systemroot%\­ntshrui.dll

The trojan launches the following processes:

  • %systemroot%\­explorer.exe

This causes the trojan to be executed on every application start.

Other information

Win32/Barkiofork.A is a trojan which tries to download other malware from the Internet.


The trojan contains an URL address. It tries to download a file from the address.


The file is stored in the following location:

  • %temp%\­update.exe

The file is then executed. The HTTP protocol is used.

Please enable Javascript to ensure correct displaying of this content and refresh this page.