Short description
Win32/Oficla.EF is a trojan which tries to download other malware from the Internet.
Installation
When executed, the trojan creates the following files:
- %system%\nynw.wmo (20992 B)
- %temp%\%variable1%.tmp (20992 B)
In order to be executed on every system start, the trojan sets the following Registry entry:
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion
"Shell" = "* rundll32.exe nynw.wmo mynleeq"
"op" = %variable2%
"url%variable3%" = %variable4%
Other information
The trojan receives data and commands from a remote computer or the Internet.
The trojan contains a list of (1) URLs. The HTTP protocol is used.
It can execute the following operations:
- download files from a remote computer and/or the Internet
- run executable files
The trojan may set the following Registry entries:
"VBAWarnings" = 1
"Level" = 1
"AccessVBOM" = 1
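
The "Shell" entry under Installation and the three values listed last can be checked mechanically. The following Python script is an added example, not part of the original description: it reads entries written in this page's "name" = data notation and reports those that match the write-up. The sample entries are constructed, and the function names are hypothetical.

```python
import re

# Value names and data taken from the description above.
WATCHED = {"VBAWarnings": 1, "Level": 1, "AccessVBOM": 1}
ENTRY_RE = re.compile(r'^\s*"(?P<name>[^"]+)"\s*=\s*(?P<data>.*?)\s*$')

def parse_entries(text):
    """Parse lines written as "name" = data into (name, data) pairs."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            entries.append((m.group("name"), m.group("data").strip('"')))
    return entries

def as_int(data):
    """Read 1, 0x1 or dword:00000001 as an integer; None if not numeric."""
    d = data.lower()
    try:
        return int(d[6:], 16) if d.startswith("dword:") else int(d, 0)
    except ValueError:
        return None

def review(text):
    """Return (name, data, reason) for each entry matching the description."""
    findings = []
    for name, data in parse_entries(text):
        if name.lower() == "shell":
            # A Shell value that starts a DLL through rundll32 is the
            # persistence pattern described above.
            if "rundll32" in data.lower():
                findings.append((name, data, "Shell runs a DLL via rundll32"))
        elif name in WATCHED and as_int(data) == WATCHED[name]:
            findings.append((name, data, "value holds the data listed above"))
    return findings

# Constructed sample input (not captured from a real system).
SAMPLE = '''
"Shell" = "explorer.exe"
"Shell" = "explorer.exe rundll32.exe nynw.wmo mynleeq"
"VBAWarnings" = 1
"Level" = 3
"AccessVBOM" = dword:00000001
'''

if __name__ == "__main__":
    for name, data, reason in review(SAMPLE):
        print(f"{name} = {data!r}: {reason}")
```

The check matches on value names only, so it works on any listing that keeps the "name" = data form regardless of which key the values were read from.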