Elpman, Trojan Horse.

Elpman falls into the category of Trojan horses, or Trojans with a backdoor.

This is a type of malware, often confused with viruses or other parasites. A Trojan horse is software that appears legitimate but contains malware. It allows the installation of many advertising programs (adware).


The role of a Trojan horse (Trojan) is to get this parasite onto the computer and install it there without the user's knowledge. The program it carries is called the "payload". It can be any type of parasite: virus, keylogger, spyware. It is this parasite, and it alone, that executes actions on the victim computer. The Trojan horse is nothing more than the vehicle, the one that "brings the wolf into the fold". It is not harmful in itself, because it performs no action other than allowing the installation of the real parasite.


Potentially unwanted software (LPI), or Potentially Unwanted Programs (PUP), are the cause of many infections. The most common example is adware such as InstallCore, Crossrider, Graftor or Boxore, which pollute the Registry and your data storage units. They are usually installed without your knowledge when you download freeware. Indeed, some sites use the repackaging method, an operation that consists of rebuilding the software's installer and adding download options to it. These options allow other software to be added, such as browser toolbars, adware, potentially unwanted software, intrusive advertising software, or even browser hijackers.


This program is classified in the category of advertising software (adware), a term derived from the English "ads", short for "advertisement". Adware usually installs as a program or browser extension and is loaded every time the system starts. It can launch services, start scheduled tasks, and create shortcuts on your Desktop. All these operations are done with or without your consent, according to the terms of its user contract. Once installed, adware can modify certain settings of your browsers, such as search pages, the start page or even your "404" error page. Adware can collect your browsing habits and communicate them to a server using the tracking method, because it is most often a marketing solution aimed at retaining customers.


Spyware and adware, just like other malware, can exploit coding flaws in legitimate software or in operating systems. It is therefore essential to use official software that updates automatically. Likewise, your Windows operating system must be set to automatic update mode, with updates activated, so that you receive the latest fixes for critical security vulnerabilities.

TECHNICAL ELEMENTS

Features

- Adds additional folders (O43)
- Pollutes the Registry with numerous keys and values (O88)
- Creates multiple files and folders (O88)

Preview in reports

Recorded on 15/10/2016
O43 – CFD: 17/09/2014 – [] D — C:\Users\Coolman\AppData\Roaming\PDAppFlex
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\"Startup" = "%AppData%\Roaming\PDAppFlex"
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\"ProxyEnable" = "0"
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\"SavedLegacySettings" = "[BINARY DATA]"
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\"UNCAsIntranet" = "0"
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\"AutoDetect" = "1"
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\"UNCAsIntranet" = "0"
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\"AutoDetect" = "1"
C:\Users\Coolman\AppData\Roaming\PDAppFlex
C:\Users\Coolman\AppData\Roaming\PDAppFlex\Winword.exe
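
As an added example (not code from the original page or from its author's tools), this Python sketch scans report lines like those above for the two indicators they show: a per-user Startup shell folder redirected away from the Windows default, and an Office-named executable under a user profile. The function `scan_report`, the rule names and the Office-name heuristic are assumptions made for illustration.

```python
import re

# Value Windows sets by default for the per-user Startup shell folder.
DEFAULT_STARTUP = r"%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup"
SHELL_FOLDERS_KEY = r"\explorer\user shell folders"
# Heuristic (assumption): Office binaries install under Program Files, not a user profile.
OFFICE_NAMES = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
# Report line shape: KEY\"Name" = "Value"; straight or typographic quotes accepted.
REG_LINE = re.compile(r'^(HK[A-Z_]+\\.+?)\\["“”]([^"“”]+)["“”]\s*=\s*["“”](.*)["“”]\s*$')

# Lines copied from the report preview above, plus one constructed benign line (last).
SAMPLE_REPORT = [
    r'O43 – CFD: 17/09/2014 – [] D — C:\Users\Coolman\AppData\Roaming\PDAppFlex',
    r'HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\"Startup" = "%AppData%\Roaming\PDAppFlex"',
    r'HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\"ProxyEnable" = "0"',
    r'C:\Users\Coolman\AppData\Roaming\PDAppFlex\Winword.exe',
    r'C:\Program Files\Microsoft Office\Office16\WINWORD.EXE',  # constructed
]

def norm(path):
    """Normalize a path string for case-insensitive comparison."""
    return path.strip().rstrip("\\").lower()

def scan_report(lines):
    """Return (rule, evidence) tuples for the two indicators shown in the report."""
    findings = []
    for raw in lines:
        line = raw.strip()
        m = REG_LINE.match(line)
        if m:
            key, name, value = m.groups()
            is_startup = key.lower().endswith(SHELL_FOLDERS_KEY) and name.lower() == "startup"
            # A Startup value other than the default means everything in that
            # folder is launched at logon instead of the normal Startup folder.
            if is_startup and norm(value) != norm(DEFAULT_STARTUP):
                findings.append(("startup-folder-redirect", value))
            continue
        lowered = line.lower()
        if lowered.rsplit("\\", 1)[-1] in OFFICE_NAMES and "\\appdata\\" in lowered:
            findings.append(("office-name-in-user-profile", line))
    return findings

if __name__ == "__main__":
    for rule, evidence in scan_report(SAMPLE_REPORT):
        print(f"{rule}: {evidence}")
```
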

Alias

Symantec Backdoor.Elpman

Some products

PDAppFlex

HOW TO REMOVE Trojan Elpman?

Delete with Windows

Delete with ZHPCleaner

Delete with ZHPSuite

Responsibility: The principle of absence of responsibility of the original site, with regard to the contents of the target sites, is recalled by the judgment of September 19, 2001 of the Paris Court of Appeal. The comments I make here reflect my opinion and are suggestions; the visitor is not obliged to follow them.
