Remove Trojan.Iflar
Posted on: June 15th, 2009
| Discovered: | June 10, 2009 |
| Updated: | June 10, 2009 4:22:54 PM |
| Type: | Trojan |
| Systems Affected: | Windows XP, Windows Vista, Windows Server 2003, Windows 2000 |
| Recommended Action: |
| In order to remove Trojan.Iflar you need to download the 'No Adware' remover software. Based on our testing this was the best performing remover of Trojan.Iflar. |
| Technical Details: |
| When the Trojan is executed, it copies itself to the following location:

%Windir%\winlogon.exe

Next, the Trojan creates the following registry entry so that it executes whenever Windows starts:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\"winlogon" = "%Windir%\winlogon.exe"

It also creates the following registry entry:

HKEY_LOCAL_MACHINE\Software\Microsoft\Nvchost\"test" = "test"

The Trojan then contacts the following domain on TCP port 80 to download updates of itself, if available:

endsolar.com

It also downloads content for spam from the above site, including:

The Trojan then creates names for the From field of the spam emails from two lists of female first names and last names. It gathers email addresses from the Windows Address Book, if present, and sends them to the following location:

endsolar.com

Next, it attempts to send spam emails using a local SMTP server, if one exists. Otherwise, it attempts to connect to the following SMTP servers in order to send spam emails:

Where [DOMAIN] is the domain of the email address being spammed to. |
| Action Steps: |
FREE SCAN: NoAdware can Remove Trojan.Iflar. Click the link below for your free download & scan your PC now.
Please click here for manual removal instructions. |
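The following Python code is an added example, not part of the original write-up. It parses `reg query` text output and flags the two registry artifacts described under Technical Details: a Run value that starts `winlogon.exe` from outside `System32` (where the genuine Windows binary lives) and the `Nvchost` marker value. The sample output, the `C:\Windows` install path and the watch list of other system binary names are assumptions; the watch list extends the check beyond `winlogon.exe` to the same masquerading pattern in general.

```python
import ntpath
import re

# Constructed `reg query` output for illustration; not captured from a real host.
SAMPLE = r"""
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    winlogon    REG_SZ    %Windir%\winlogon.exe
    Audio Helper    REG_SZ    "C:\Program Files\Vendor\helper.exe" /tray

HKEY_LOCAL_MACHINE\Software\Microsoft\Nvchost
    test    REG_SZ    test
"""

RUN_KEY = r"hkey_local_machine\software\microsoft\windows\currentversion\run"
MARKER_KEY = r"hkey_local_machine\software\microsoft\nvchost"
WINDIR = r"C:\Windows"  # assumption: default install location
SYSTEM32 = ntpath.normcase(WINDIR + r"\System32")
PROTECTED = {"winlogon.exe", "svchost.exe", "lsass.exe", "csrss.exe"}  # assumed watch list
VALUE_RE = re.compile(r"^\s{4}(.+?)\s{4}(REG_\w+)\s{4}(.*)$")

def parse_reg_query(text):
    """Yield (key, value_name, data) tuples from `reg query` text output."""
    key = None
    for line in text.splitlines():
        if line.startswith("HKEY_"):
            key = line.strip()
        elif key and (m := VALUE_RE.match(line)):
            yield key, m.group(1), m.group(3).strip()

def image_path(data):
    """Return the normalised executable path of a Run value, without arguments."""
    data = re.sub(r"%(windir|systemroot)%", lambda _: WINDIR, data, flags=re.I)
    if data.startswith('"'):
        data = data[1:].split('"', 1)[0]
    elif (m := re.match(r"(.+?\.exe)\b", data, flags=re.I)):
        data = m.group(1)
    return ntpath.normcase(ntpath.normpath(data))

def find_indicators(text):
    """Flag system-binary names autostarting from outside System32, and the marker value."""
    findings = []
    for key, name, data in parse_reg_query(text):
        if key.lower() == RUN_KEY:
            path = image_path(data)
            if ntpath.basename(path) in PROTECTED and ntpath.dirname(path) != SYSTEM32:
                findings.append(("masquerading-autorun", name, path))
        elif key.lower() == MARKER_KEY and (name.lower(), data) == ("test", "test"):
            findings.append(("marker-value", name, data))
    return findings
```

Feed it the saved output of `reg query` for both keys from the host under investigation; an empty result means neither registry artifact was present in that output.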

