Resolve is the name for a set of small, downloadable Sophos utilities designed to remove and undo the changes made by certain viruses, Trojans and worms. They terminate any virus processes and reset any registry keys that the virus changed. Existing infections can be cleaned up quickly and easily, both on individual workstations and over networks with large numbers of computers.
Troj/Enfal-A is a Trojan for the Windows platform.
Troj/Enfal-A includes functionality to:
- inject multiple threads into the process EXPLORER.EXE
- download code from the internet
When run Troj/Enfal-A copies itself to dismgnt.exe and winkrnl.exe.
Troj/Enfal-A modifies the following registry entry to run itself on Windows Logon:
HKLMSOFTWAREMicrosoftWindows NTCurrentVersionWinlogon
Userinit
userinit.exe,DisMgnt.exe
Troj/Enfal-B is a backdoor Trojan for the Windows platform.
Troj/Enfal-B includes functionality to access the internet and communicate with a remote server via HTTP.
When Troj/Enfal-B is installed the following files are created:
DisMgnt.exe
NtApi.exe
Winkrnl.exe
acetempkb791024.l0g
where NtApi.exe is an archiver application.
Troj/Enfal-B injects multiple threads into the process EXPLORER.EXE.
The files DisMgnt.exe and Winkrnl.exe are detected as Troj/Enfal-A.
Registry entries are set as follows:
HKCUSoftwareMicrosoftWindowsCurrentVersionExplorerAdvanced
ShowSuperHidden
0
HKLMSOFTWAREMicrosoftWindows NTCurrentVersionWinlogon
Shell
Explorer.exe,
Windows disinfector
BDLAAGUI is a disinfector for standalone Windows computers. To use it you have to do the following:
· Open BDLAAGUI.com file from your desktop after downloading it.
· Click on the Start Scan Button.
· Wait for the process to complete.
Command line disinfector
ENFALSFX.EXE is a self-extracting archive containing ENFALCLI, a Resolve command line disinfector for use by system administrators on Windows networks.
Find us on Google+
