Trojan.Interrupdate is a low-risk trojan horse that was discovered June 8, 2009. It affects all existing Microsoft Windows operating systems and varies in its extension length. The only malicious thing it does besides drop files and slighty modify the Windows Registry is lower the security settings by "interupping" the updates, hence its name.
Once executed, the Trojan drops the following file and then deletes the original copy of itself:
The Trojan also drops the following nonmalicious files:
The Trojan creates the following registry entry, so that it runs every time Windows starts:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\"MSDRV" = "NetFilter.exe"
The Trojan creates a new service with the following characteristics:
It registers the service by creating the following registry subkeys:
The Trojan then uses the nonmalicious files to sniff network traffic to lower security settings by blocking security-related updates.