Mendoza (also known by the non-specific name Trojan.Dropper) is malware that creates a large security hole on your computer. It uses a keylogger to steal your personal and financial data and downloads adware that generates large numbers of pop-up adverts. The trojan itself also has some adware-like behaviors (specifically, changing your home page and default search engine).
Method of Infection
Some websites trick you by displaying deceptive pop-up ads that imitate regular Windows notifications, with links that look like buttons reading Yes and No. No matter which "button" you click, Mendoza will install on your computer through a backdoor and will infect your system without your knowledge or consent.
Mendoza changes your computer's desktop background, hijacks your browser, spies on you, and replaces system files (all without your knowledge or permission). It can also re-install itself even after it is removed by anti-virus software.
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\"CleanShutdown" = "0"
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\"Shell" = "[SET OF RANDOM CHARACTERS].exe"
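
A read-only check of the two registry values listed above, as an added example that is not part of the original page. It assumes the stock Winlogon Shell value is explorer.exe; the helper names Get-RegValue and Resolve-ShellBinary are made up for this example.

```powershell
# Added example: read-only check of the two registry values this page lists.
# Assumption: the stock Winlogon Shell value is "explorer.exe".
$winlogon = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
$explorer = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer'

function Get-RegValue {            # hypothetical helper name
    param([string]$Path, [string]$Name)
    try   { (Get-ItemProperty -Path $Path -Name $Name -ErrorAction Stop).$Name }
    catch { $null }                # key or value is missing
}

function Resolve-ShellBinary {     # hypothetical helper name
    param([string]$Shell)
    # Strip quotes, then look for the file where a bare name would normally live.
    $exe = $Shell.Trim().Trim('"')
    try {
        if ([IO.Path]::IsPathRooted($exe)) { $candidates = @($exe) }
        else { $candidates = @((Join-Path $env:SystemRoot $exe),
                               (Join-Path $env:SystemRoot "System32\$exe")) }
        $candidates | Where-Object { Test-Path -LiteralPath $_ -PathType Leaf } |
            Select-Object -First 1
    } catch { $null }              # value is not a usable path
}

$shell = Get-RegValue $winlogon 'Shell'
if ($null -ne $shell -and $shell.Trim() -ieq 'explorer.exe') {
    Write-Output "OK      Winlogon Shell = $shell"
} else {
    Write-Output "REVIEW  Winlogon Shell = '$shell' (expected explorer.exe)"
    $file = if ($shell) { Resolve-ShellBinary $shell }
    if ($file) {
        # Signature status and hash give an analyst something to look up.
        $sig = Get-AuthenticodeSignature -LiteralPath $file
        $sha = (Get-FileHash -LiteralPath $file -Algorithm SHA256).Hash
        Write-Output "        file=$file signature=$($sig.Status) sha256=$sha"
    } else {
        Write-Output "        referenced file not found in the usual locations"
    }
}

# Reported for context only: shown next to the value the page lists.
$clean = Get-RegValue $explorer 'CleanShutdown'
Write-Output "INFO    CleanShutdown = '$clean' (page lists 0)"
```

A REVIEW result is a lead to investigate rather than proof of infection, since kiosk and custom-shell configurations also change the Shell value.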