Toxic-CV - Malware Gallery

Informations

Author	Toxic_Frog
Family	Toxic-CV
Category	Destructive
Version	Toxic-CV
Released Date	Feb 2005, 19 years, 7 months ago.
Language	Visual Basic

Additional Information

Server:
dropped file:
c:\WINDOWS\SVCHOST.EXE
size: 10,215 bytes 

added to registry:
HKEY_USERS\S-1-5-21-789336058-1957994488-1060284298-1003_Classes\exefile\DefaultIcon "(Default)"
data: %1 

HKEY_USERS\S-1-5-21-789336058-1957994488-1060284298-1003_Classes\exefile\Shell\Open\Command "(Default)"
data: C:\WINDOWS\SVCHOST.EXE %1 %* 

HKEY_CURRENT_USER\Software\Classes\exefile\DefaultIcon "(Default)"
data: %1 

HKEY_CURRENT_USER\Software\Classes\exefile\Shell\Open\Command "(Default)"
data: C:\WINDOWS\SVCHOST.EXE %1 %* 

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\system "DisableRegistryTools"
data: 01, 00, 00, 00 

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\system "DisableTaskMgr"
data: 01, 00, 00, 00 

HKEY_CLASSES_ROOT\exefile\shell\open\command "(Default)"
old data: "%1" %* 
new data: C:\WINDOWS\SVCHOST.EXE %1 %* 



tested on Windows XP
September 10, 2005