Home Malware Programs Trojans Unknown Trojan

Unknown Trojan

Posted: March 28, 2006

ScreenshotUnknown Trojan is the Trojan name that appears on fake error messages made by trojan makers to threaten and trick you into buying rogue anti-spyware applications like Files Secure.

You're not really infected with an 'Unknown Trojan', but, instead, you're infected with a Trojan that's found on fake video codecs. Most of the fake video codecs that are circulating on the Web are infected with a Trojan called Trojan.Zlob. If your computer displays an 'Unknown Trojan' error message similar to the example below, you may be infected with Trojan.Zlob. Do not click on the 'Unknown Trojan' error message and do not download any product it recommends.

Unknown Trojan error message:

System Error!

"Your computer was infected by an Unknown Trojan.
It's dangerous for your system (critical files can be lost)!
Click OK to download the antispyware program to clean your computer! (Recommended)"

Unknown Trojan

In the past, 'Unknown Trojan' was mentioned as a keylogger that can not be stopped by firewall, because the firewall sees it as a part of the web browser. Therefore, Unknown Trojan may pose a serious threat to your computer's privacy and security. Unknown Trojan may also change the homepage and monitor user's actions. The prime function is logging keystrokes, including passwords and bank accounts and sending them to hacker.

File System Modifications

  • The following files were created in the system:
    # File Name
    1 bone1.exe
    2 dataclenu.dll
    3 domnftwpto.dll
    4 hsirziq.dll
    5 huriscos.dll
    6 isfmdl.dll
    7 jkklm.dll
    8 oggview32.dll
    9 pbukv2.dll
    10 pdswin.dll
    11 phwh11m3.dll
    12 poswin.dll
    13 pwnbho.dll
    14 qomllji.dll
    15 spads.dll
    16 tgfaifwm.dll
    17 vturppp.dll

Registry Modifications

  • The following newly produced Registry Values are:
    HKEY..\..\..\..{Subkeys}HKEY_CURRENT_USER\software\microsoft\internet explorer\toolbar\shellbrowser\{9ee490a6-4079-7698-56ba-34c832f16bc9}HKEY_CURRENT_USER\software\microsoft\internet explorer\toolbar\webbrowser\{9ee490a6-4079-7698-56ba-34c832f16bc9}HKEY_LOCAL_MACHINE\software\classes\clsid\{549bc94f-06c7-db34-841d-44ebd1fd8f8d}HKEY_LOCAL_MACHINE\software\classes\clsid\{9ee490a6-4079-7698-56ba-34c832f16bc9}HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\toolbar\{9ee490a6-4079-7698-56ba-34c832f16bc9}HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{549bc94f-06c7-db34-841d-44ebd1fd8f8d}HKEY..\..\..\..{RegistryKeys}HKEY_CLASSES_ROOT\clsid\{549bc94f-06c7-db34-841d-44ebd1fd8f8d}HKEY_CLASSES_ROOT\clsid\{9ee490a6-4079-7698-56ba-34c832f16bc9}HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\..{RunKeys}HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\kind ooze
  • The following CLSID's were detected:
    HKEY..\..\{CLSID Path}FF64059D-4D2A-4D6B-AA0F-2EE4A2FE385644a5d01d-1dd0-4412-be7e-ce652025d43355E04179-C2DF-4D7F-B74E-3E644C98323769B98C68-D2B8-4A4E-9CB7-E85B6F3A7014369A87BB-07DF-4AB6-B23D-B5BF81338572CA4F0D8D-5F2B-4F16-838A-8D52249EAB2185589B5D-D53D-4237-A677-46B82EA275F383CDEF6B-98D2-4C60-84FC-00C44606A4F8a60e765a-fd37-4529-bf73-cf805dfd84ea4E7BD74F-2B8D-469E-A0E8-F479B685FA7D3D50DBC0-414E-480F-9C5E-5DB9E4568EF78E015787-B1E3-404a-95DE-3E71E1FA0305F10587E9-0E47-4CBE-84AE-7DD20B8684BB7E24E909-FB8A-4837-9DF7-05E7587CB26C4AAC4708-FE47-4B80-92EF-47406444DDD2CAA8DC4B-648A-4C2F-8F2A-39E607830DEF4EBAA7B0-740D-4CFA-9455-5C233BB354E13e0cee63-f8bc-4485-a745-cc01b2a0e9d99ee490a6-4079-7698-56ba-34c832f16bc9549bc94f-06c7-db34-841d-44ebd1fd8f8d

Related Posts

4 Comments

  • Stanley says:

    I have the same pop-up as the one in the beginning, the message saying "your computer was infected by unknown trojan," does this trojan log your keystrokes as well as fooling you into buying their software? I want to know, because I dont want to endanger my private information.

  • ghostrider01 says:

    Stanley, 

    Most likely, if you don't have any other parasites on your computer like keyloggers, Unknown trojan won't steal your sensitive information. But it will try to pursuade you to purchase rogue software.

  • KP says:

    i opening internet explorer i see that message " your computer infected unknown trojen, every site i opeining that message is coming. i click cancel site will open what can i do for not see that message future. can i delete that message anyway plz give information , thanks

  • D M says:

    Greetings. I am a computer tech and I appreciate your posting of this fake error message. I will now add your program to my list of cleaners. One of the computers I am working on for a client has this exact infection message. I have used Spybot Search & Destroy, Ad Aware, Avast Anti Virus, Hijack This, and XoftSpySE to clean the machine and still this @%$#(%% unknown trojan problem remained. The above programs are all excellent cleaners I regularly use, but this problem just happened to be a bit unique. Thanks again and I hope this helps someone else in the same situation.

Loading...