[dfwgator]

Peper Trojan

Overview
Peper Trojan, also called Troj/Peper-A, Trojan.Peper.A and SandBoxer, downloads files to the user's computer, possibly adware which will open pop-up windows.

Some state that the trojan uses random filenames and registry entries, but it seems to be pseudo random (?). Extremely hard to detect, Bazooka will try, but will most likely fail to detect it.

A clear sign of infection is a 14 character long registry value starting with a number, located in 'HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Run'. Another indication of infection is random named processes listed in the Task Manager's process list.

I have not been able to find out who developed the trojan or how it gets on the end-user's systems. Please let me know if you know more about the Peper Trojan.

Classification
Trojan Horse

Files
Amh4V.exe, FmrCj.exe, JvfMa7R.exe, SjrZsY.exe, Iei1NKe7.exe, CpaFG.exe, DozMu4.exe, Cio9f.exe, Ryf9m24V.exe, Idk277g.exe, Oval73H.exe, Yfk8.exe, LgnJ8V3.exe, YmxB.exe, MtyJ62.exe, Szep85ln.exe, XioVQ8s0.exe, Corx5Ux.exe, IpwoDw.exe, Xej7.exe, Kvw1.exe, FqbPw5.exe, HqoX.exe, Cjo9f.exe, NuaK63H.exe, Fdjd3o.exe, AozDF.exe

[mlbford2]

bmp

[BenLurkin]

QUESTION: Just what processes DO belong?

Is there a master library somewhere that can be referred to?

How many should there be?

Knowing these answers would make it easier to identify any that don't belong.

[FourtySeven]

Home study use.