Main Menu
Home
Bookmark
Contact Us

Categories
  Adware
  Adware Bundler
  AOL Exploit
  Backdoor
  Browser Hijacker
  Browser Plug-in
  Commercial Key Logger
  Commercial Remote Control
  Cookie
  Dialer
  E-Mail Flooder
  Hostile ActiveX Control
  ICQ Exploit
  Joke Program
  Key Logger
  Loader
  Low Risk Adware
  Misc
  Nuker
  P2P
  Password Hijacker
  Potential Privacy Risk
  Potentially Dangerous Tools
  RAT
  Search Hijacker
  Security Disabler
  Spyware
  Stealth Notifier
  Surveillance
  Toolbar
  Trojan
  Trojan Downloader
  Trojan FTP
  Trojan Telnet
  Viruses
  Worm
 


 
Trojan.Win32.Xalnaga. Viruses Information

Name: Trojan.Win32.Xalnaga.
Category: Viruses
Description: Details
Trojan.Win32.Xalnaga.a

This is a Win32 Trojan horse. When run, it modifies the Registry keys listed below and exits. The resulting effect of the Trojan running is the fact that Windows stays mostly non-functional: all icons on Desktop are removed, so it is not possible to reboot the machine in the usual way, etc.
The Trojan has the "copyright" string:
Tyrant-28881 {T-28881} virus
The affected registry keys are:
Key1:
HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesExplorer
NoDesktop = 1
Key2:
HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionWinlogon

NoRun = 1
NoFind = 1
NoClose = 1
Key3:
HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesSystem

DisableRegistryTools = 1
Key4:
HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionWinlogon

LegalNoticeCaption = <<< Xal Naga was here >>>
LegalNoticeText = The human era has come to an end, the new breed of humans will evolve right now !!! Behold and despair !!!
The results are:
all icons are removed from Desktop (key1)
the "Start" menu items are removed: Run, Find, Shut Down (key2)
standard Registry editors under WinNT are disabled(key3)
message box displayed on logon: (key4)

Because of a bug in the Trojan, Key3 is written to the Registry in an incorrect form, and this action doesn't function - it is possible to run Regedit and repair affected keys.
Repair: set these keys to '0' or delete them.
Regedit.exe run: select StartProgramsWindows Explorer, then browse for Regedit.exe and run it.



Top Viruses Visited Pages:
Invader. - 239 visits
not-a-virus:RiskWare.Tool.RegPatch. - 72 visits
Worm.P2P.Harex. - 66 visits
not-a-virus:RemoteAdmin.Win32.RAdmin.2 - 60 visits
Small.58. - 56 visits
Coito.64 - 54 visits
I-Worm.Mapson. - 48 visits
Win16.Klon.1177 - 42 visits
Win32.Hidra - 42 visits
Marine.500 - 35 visits

Random Viruses Pages:
Zelentsov.37
Mao.100
Lyby.61
Natas.477
Hi Famil
SC_Replicato
TurboBasi
Flash Famil
I-Worm.Sober.
VirusDead.230


 

© 2006-2008 spyware32.com - Privacy Policy