To: dfwgator
Peper Trojan
Overview
Peper Trojan, also called Troj/Peper-A, Trojan.Peper.A and SandBoxer, downloads files to the user's computer, possibly adware which will open pop-up windows.
Some state that the trojan uses random filenames and registry entries, but it seems to be pseudo random (?). Extremely hard to detect, Bazooka will try, but will most likely fail to detect it.
A clear sign of infection is a 14 character long registry value starting with a number, located in 'HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Run'. Another indication of infection is random named processes listed in the Task Manager's process list.
I have not been able to find out who developed the trojan or how it gets on the end-user's systems. Please let me know if you know more about the Peper Trojan.
Classification
Trojan Horse
Files
Amh4V.exe, FmrCj.exe, JvfMa7R.exe, SjrZsY.exe, Iei1NKe7.exe, CpaFG.exe, DozMu4.exe, Cio9f.exe, Ryf9m24V.exe, Idk277g.exe, Oval73H.exe, Yfk8.exe, LgnJ8V3.exe, YmxB.exe, MtyJ62.exe, Szep85ln.exe, XioVQ8s0.exe, Corx5Ux.exe, IpwoDw.exe, Xej7.exe, Kvw1.exe, FqbPw5.exe, HqoX.exe, Cjo9f.exe, NuaK63H.exe, Fdjd3o.exe, AozDF.exe
17 posted on
02/17/2004 1:40:52 PM PST by
dfwgator
To: dfwgator
bmp
18 posted on
02/17/2004 1:43:34 PM PST by
mlbford2
To: dfwgator
QUESTION: Just what processes DO belong?
Is there a master library somewhere that can be referred to?
How many should there be?
Knowing these answers would make it easier to identify any that don't belong.
52 posted on
02/17/2004 2:59:41 PM PST by
BenLurkin
(Socialism is Slavery)
To: dfwgator
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson