Trojan.Sockrypt.Gen
Trojan.Sockrypt.Gen is a trojan dropper that drops and executes other malicious threats which will try to download additional malware onto the infected computer.A malicious trojan horse or bot that may represent security risk for the compromised system and/or its network environment.The following Registry Keys were created:
HKEY_CURRENT_USER\Software\Microsoft\Windows Script Host
HKEY_CURRENT_USER\Software\Microsoft\Windows Script Host\Settings
The newly created Registry Values are:
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
[system] = “%System%\drivers\services.exe”
winlogon = “%UserProfile%\svchost.exe”
so that services.exe runs every time Windows starts
so that svchost.exe runs every time Windows starts
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
[system] = “%System%\drivers\services.exe”
winlogon = “%UserProfile%\svchost.exe”
The following Registry Value was modified:
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
Userinit = “%System%\userinit.exe,%System%\drivers\services.exe”
so that userinit.exe runs every time Windows starts
There were new processes created in the system:
Process Name Process Filename Main Module Size
[filename of the sample #1] [file and pathname of the sample #1] 40,960 bytes
services.exe %System%\drivers\services.exe 40,960 bytes
svchost.exe %UserProfile%\svchost.exe 40,960 bytes
also known as the following:Trojan.Sockrypt.Gen [PCTools]
Trojan.Win32.Nosok.ac [Kaspersky Lab]
W32.SillyP2P [Symantec]
BackDoor-DOQ [McAfee]
Related Viruses:
Need help? Post you problem on Free Malware Remove Help forum
Trojan.Sockrypt.Gen Summary
1.Temporarily Disable System Restore;2.Reboot computer in SafeMode;3.delte Trojan.Sockrypt.Gen virus files and kill Trojan.Sockrypt.Gen file task process(if have);4.Delete/Modify any values added to the registry by Trojan.Sockrypt.Gen ;5.delete IE temp files,restart the computer and run a whole scan with Vexira, VirusBuster. Trojan.Sockrypt.Gen virus files as following: