TSPY_CIMUZ
Overview

Type: Spyware

Aliases: Trojan-Proxy.Win32.Cimuz.ai (Kaspersky), BackDoor-CLK.dll (NAI), Troj/Cimuz-C (Sophos), Trj/Cimuz.X (Panda)

In the wild: No

Reported detections: Low


Description:

This spyware drops the following files, which Trend Micro also detects as TSPY_CIMUZ, in the Windows system folder:

  • {random file name}.dll
  • mdms.exe

It then creates the following registry keys and entry as part of its installation routine:

  • HKEY_CLASSES_ROOT\acpi.acpi.1
  • HKEY_CLASSES_ROOT\acpi.ext
  • HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\sysacpildap
  • HKEY_CLASSES_ROOT\CLSID\{5E2121EE-0300-11D4-8D3B-444553540000}
  • HKEY_CLASSES_ROOT\Interface\{5E2121EE-0300-11D4-8D3B-444553540000}
  • HKEY_CLASSES_ROOT\TypeLib\{5E2121EE-0300-11D4-8D3B-444553540000}
  • HKEY_CURRENT_USER\Software\mzs
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
    {5E2121EE-0300-11D4-8D3B-444553540000} = "st"

This spyware affects systems running on Windows 98, ME, NT, 2000, XP, and Server 2003.
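The registry artifacts above can be checked offline against a Regedit export (for example the output of `reg export HKCR`). The script below is an added example written for this page, not Trend Micro's tooling: it parses a .reg dump and reports which TSPY_CIMUZ keys and the `Approved` value are present, and separately matches the fixed-name dropped file `mdms.exe` in a system-folder listing (the DLL name is random, so it cannot be matched by name). The sample export is constructed; its default values, the InprocServer32 subkey and the DLL path in it are invented for illustration.

```python
# Added example, not part of the Trend Micro write-up: triage a Regedit
# export (.reg) for the TSPY_CIMUZ registry artifacts listed above.
# The parser handles the string values these indicators need and skips
# hex/binary continuation lines, which do not matter for this check.

CIMUZ_CLSID = "{5E2121EE-0300-11D4-8D3B-444553540000}"

# Keys the description says the spyware creates at install time.
CIMUZ_KEYS = [
    r"HKEY_CLASSES_ROOT\acpi.acpi.1",
    r"HKEY_CLASSES_ROOT\acpi.ext",
    r"HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\sysacpildap",
    r"HKEY_CLASSES_ROOT\CLSID" + "\\" + CIMUZ_CLSID,
    r"HKEY_CLASSES_ROOT\Interface" + "\\" + CIMUZ_CLSID,
    r"HKEY_CLASSES_ROOT\TypeLib" + "\\" + CIMUZ_CLSID,
    r"HKEY_CURRENT_USER\Software\mzs",
]
# The one registry *value* in the list: the CLSID approved as a shell extension, data "st".
APPROVED_KEY = (r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows"
                r"\CurrentVersion\Shell Extensions\Approved")
APPROVED_DATA = "st"

# Dropped file with a fixed name; the DLL name is random and is not matched here.
DROPPED_EXE = "mdms.exe"


def parse_reg_export(text):
    """Parse a .reg export into {key path: {value name (lower-case): string data}}.

    Key paths keep their case; value names are lower-cased because the
    registry compares them case-insensitively. Only REG_SZ data is unescaped.
    """
    keys = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("Windows Registry Editor", "REGEDIT4", ";")):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            keys.setdefault(current, {})
            continue
        if current is None or "=" not in line:
            continue  # hex continuation lines look like "00,00,\" and carry no "="
        name, _, data = line.partition("=")
        name = name.strip().strip('"').lower()
        data = data.strip()
        if data.startswith('"') and data.endswith('"'):
            # REG_SZ: .reg files escape a quote as \" and a backslash as \\
            data = data[1:-1].replace('\\"', '"').replace("\\\\", "\\")
        keys[current][name] = data
    return keys


def find_cimuz_indicators(reg):
    """Return the TSPY_CIMUZ registry indicators present in a parsed export."""
    by_lower = {k.lower(): v for k, v in reg.items()}  # key paths are case-insensitive
    hits = [k for k in CIMUZ_KEYS if k.lower() in by_lower]
    approved = by_lower.get(APPROVED_KEY.lower(), {})
    if approved.get(CIMUZ_CLSID.lower()) == APPROVED_DATA:
        hits.append(APPROVED_KEY + "\\" + CIMUZ_CLSID + ' = "' + APPROVED_DATA + '"')
    return hits


def find_dropped_files(system_dir_listing):
    """Return dropped-file names seen in a listing of the Windows system folder."""
    return [f for f in system_dir_listing if f.lower() == DROPPED_EXE]


# Constructed sample export: the key paths are transcribed from the description,
# but the default values, the InprocServer32 subkey and the DLL file name are
# invented, and the last key is a benign decoy that must not match.
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\acpi.acpi.1]
@="acpi"

[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\sysacpildap]
@="{5E2121EE-0300-11D4-8D3B-444553540000}"

[HKEY_CLASSES_ROOT\CLSID\{5E2121EE-0300-11D4-8D3B-444553540000}]
@="acpi"

[HKEY_CLASSES_ROOT\CLSID\{5E2121EE-0300-11D4-8D3B-444553540000}\InprocServer32]
@="C:\\WINDOWS\\system32\\INVENTED_NAME.dll"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{5E2121EE-0300-11D4-8D3B-444553540000}"="st"

[HKEY_CURRENT_USER\Software\Unrelated]
"Setting"="value"
'''

if __name__ == "__main__":
    for hit in find_cimuz_indicators(parse_reg_export(SAMPLE_EXPORT)):
        print("registry indicator present:", hit)
    for name in find_dropped_files(["kernel32.dll", "MDMS.EXE", "notepad.exe"]):
        print("dropped file present:", name)
```

Two of the listed keys explain how the DLL gets loaded without any Run key: a handler under `HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers` is a COM shell extension that Explorer invokes for every file type's context menu, and `Shell Extensions\Approved` is the list Explorer consults for shell extensions it is permitted to load, so a CLSID there with meaningless data such as "st" is worth a second look on its own. On a live system the same check can be done with `reg export` feeding this script or with `Test-Path "Registry::<key>"` in PowerShell.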

For additional information about this threat, see:
Solution

Description created: Oct 3, 2006
