Trojan.Interrupdate is a low-risk trojan horse that was discovered 6/8/09. It affects all existing Windows operating systems and varies in its extension length. The only malicious thing it does besides drop files and slighty modify the registry is lower the security settings by "interupping" the updates, hence its name.


Once executed, the Trojan drops the following file and then deletes the original copy of itself:
%System%\NetFilter.exe (Trojan.Interrupdate)

The Trojan also drops the following nonmalicious files:

  • %System%\drivers\ndisrd.sys
  • %System%\ndisapi.dll

The Trojan creates the following registry entry, so that it runs every time Windows starts:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\"MSDRV" = "NetFilter.exe"

The Trojan creates a new service with the following characteristics:

It registers the service by creating the following registry subkeys:


The Trojan then uses the nonmalicious files to sniff network traffic to lower security settings by blocking security-related updates.



Ad blocker interference detected!

Wikia is a free-to-use site that makes money from advertising. We have a modified experience for viewers using ad blockers

Wikia is not accessible if you’ve made further modifications. Remove the custom ad blocker rule(s) and the page will load as expected.