
Trojan.Win32.Pakes.oxy

Posted: August 19, 2011

Trojan.Win32.Pakes.oxy is a Trojan that allows Internet attackers to remotely access and monitor a PC. Trojan.Win32.Pakes.oxy can steal your personal information and send it to remote attackers. Trojan.Win32.Pakes.oxy adds its own start-up registry entry so that it can run automatically every time you start your computer. Once Trojan.Win32.Pakes.oxy is installed on your PC, it will reduce your PC performance and slow down your computer. Uninstall Trojan.Win32.Pakes.oxy immediately upon detection before it harms your computer system.

Technical Details

File System Modifications

Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.

The following files were created in the system:



File name: %ProgramFiles%\Bifrost\lol.exe
Size: 62B (62 bytes)
MD5: 0xDBCBD7D171081EA92EA7488DAD881C
File type: Executable File
Mime Type: unknown/exe

Registry Modifications

The following Registry values and keys were newly created:

Registry values:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9D71D88C-C598-4935-C5D1-43AA4DB90836} stubpath = "%ProgramFiles%\Bifrost\lol.exe s"
HKEY_LOCAL_MACHINE\SOFTWARE\Bifrost nck = ED 1B E6 27 B9 28 D6 32 74 C3 CD 74 FA 93 5B 67
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer UpdateHost = 00 50 5E 3F 95 96
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings ProxyEnable = 0x00000000
HKEY_CURRENT_USER\Software\Bifrost klg = 00

Registry keys:

HKEY_LOCAL_MACHINE\SOFTWARE\Bifrost
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\MediaResources\msvideo
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\MediaResources\msvideo
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9D71D88C-C598-4935-C5D1-43AA4DB90836}
HKEY_CURRENT_USER\Software\Bifrost