Trojan.Interrupdate


Trojan.Interrupdate is a low-risk trojan horse that was discovered 6/8/09. It affects all existing Windows operating systems and varies in its extension length. The only malicious thing it does, besides dropping files and slightly modifying the registry, is lower the security settings by "interrupting" the updates, hence its name.

Operations

Once executed, the Trojan drops the following file and then deletes the original copy of itself:
%System%\NetFilter.exe (Trojan.Interrupdate)

The Trojan also drops the following nonmalicious files:

  • %System%\drivers\ndisrd.sys
  • %System%\ndisapi.dll


The Trojan creates the following registry entry, so that it runs every time Windows starts:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\"MSDRV" = "NetFilter.exe"

The Trojan creates a new service with the following characteristics:

  • Service name: NDISRD
  • Image path: %System%\drivers\ndisrd.sys
  • Startup type: Automatic

It registers the service by creating the following registry subkeys:

  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NDISRD
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NDISRD

The Trojan then uses the nonmalicious files to sniff network traffic to lower security settings by blocking security-related updates.
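
The following read-only triage check for the artifacts listed above is an added example, not part of the original writeup. The function name, the strong/weak weighting, and the extra SysWOW64/WOW6432Node lookups (where 64-bit Windows redirects 32-bit processes) are assumptions made for this example.

```powershell
# Added example: read-only check for the artifacts listed on this page.
function Get-InterrupdateIndicator {
    # On 64-bit Windows a 32-bit process is redirected to SysWOW64 and
    # WOW6432Node, so both views are checked (assumption beyond the page).
    $sysDirs = 'System32', 'SysWOW64' |
        ForEach-Object { Join-Path $env:windir $_ } |
        Where-Object { Test-Path -LiteralPath $_ }
    $runKeys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
               'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run'

    foreach ($dir in $sysDirs) {
        # Strong: the dropped Trojan executable itself.
        $exe = Join-Path $dir 'NetFilter.exe'
        if (Test-Path -LiteralPath $exe) {
            [pscustomobject]@{ Weight = 'strong'; Kind = 'File'; Detail = $exe }
        }
        # Weak: helper files the page describes as nonmalicious.
        foreach ($rel in 'drivers\ndisrd.sys', 'ndisapi.dll') {
            $p = Join-Path $dir $rel
            if (Test-Path -LiteralPath $p) {
                [pscustomobject]@{ Weight = 'weak'; Kind = 'File'; Detail = $p }
            }
        }
    }
    foreach ($key in $runKeys) {
        # Strong: Run value "MSDRV" pointing at NetFilter.exe.
        $v = (Get-ItemProperty -LiteralPath $key -Name 'MSDRV' -ErrorAction SilentlyContinue).MSDRV
        if ($v -and $v -match 'NetFilter\.exe') {
            [pscustomobject]@{ Weight = 'strong'; Kind = 'RunValue'; Detail = "$key MSDRV=$v" }
        }
    }
    foreach ($set in 'ControlSet001', 'CurrentControlSet') {
        # Weak on its own: NDISRD service subkey. Start=2 means "Automatic".
        $key = "HKLM:\SYSTEM\$set\Services\NDISRD"
        $svc = Get-ItemProperty -LiteralPath $key -ErrorAction SilentlyContinue
        if ($svc) {
            [pscustomobject]@{ Weight = 'weak'; Kind = 'Service'
                Detail = "$key Start=$($svc.Start) ImagePath=$($svc.ImagePath)" }
        }
    }
}

$found = @(Get-InterrupdateIndicator)
$found | Format-Table -AutoSize -Wrap
if ($found.Weight -contains 'strong') {
    'Strong indicator present (NetFilter.exe or its MSDRV Run value).'
} elseif ($found) {
    'Only weak indicators: the NDISRD files are nonmalicious on their own.'
} else { 'No listed indicators found.' }
```

Because the page describes ndisrd.sys and ndisapi.dll as nonmalicious, the NDISRD service or files alone are reported as weak; NetFilter.exe or the MSDRV Run value is what ties a host to this Trojan.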

Writeup

1
