Details
Downloader.Win32.Harnig
This Trojan is written in Assembler.
Installation
Harnig copies itself as an .exe file and a .dll file with the same random name in the Windows directory. The .exe version is registered in the system registry auto-run key as:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
The Trojan also creates the following file in the Windows directory:
WININIT.INI
Malicious effects
Harnig downloads Backdoor.Afcore.aa from http//system.hoha.ru/x.pl?10 and launches it. Backdoor.Afcore.aa functions identically to Backdoor.Afcore.q

Related Posts

This entry was posted on Thursday, September 28th, 2006 at 2:00 pm and is filed under Virus Threats.