Selected viruses, spyware, and other threats: sorted alphabetically
Short descriptionWin32/Lyzapo.A is a trojan that installs Win32/Mydoom.CN malware. The trojan is being spammed by e-mail.
InstallationWhen executed, the trojan creates the following files:
The %random% stands for a random number.
- %system%\wmiconf.dll (67072 B)
- %system%\wpcap.dll (240248 B)
- %system%\packet.dll (88696 B)
- %system%\WanPacket.dll (68224 B)
- %system%\drivers\npf.sys (34064 B)
The trojan registers itself as a system service using the following name:
In order to be executed on every system start, the trojan sets the following Registry entry:
The following Registry entries are created:
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\
"wmiconf" = "WmiConfig"
"ServiceDll" = "%system%\wmiconf.dll"
"Type" = 288
Other informationThe trojan creates the following files:
A string with variable content is used instead of %variable% .
The following services are disabled:
The trojan may perform DDoS (Distributed Denial of Service) attacks.