Leave a comment

What is Win32 FlyStudio?

Written by:  • Edited by: J. F. Amprimoz
Updated Jun 7, 2010 • Related Guides: Trojans | Windows

FlyStudio, a Trojan horse that modifies your internet browser's settings to redirect you to other websites. Read this article, to find more about it.

Description

win32 Flystudio
click to enlarge

Win32/FlyStudio is not a virus but a Trojan. A Trojan doesn’t replicate itself, but they spread themselves only when the circumstances are beneficial. Trojans are also called backdoors, which means the information stolen from a computer system is sent back to the intruder. Generally, Trojans are executable files which when executed opens a port on the infected computer system, collects the information and sends it back to the intruder.

Risk Assessment

Home Users – LOW

Corporate Users – LOW

Trojan Characteristics

Filename: e25328.exe

Type: Trojan

Detection: FlyStudio

Length: 1.5 Mb

Activity

Win32/FlyStudio enumerates the processes running on the system and uses the process’s memory to execute its malicious code. It also creates some executable files inside the windows folder. Apart from that, it also modifies and creates registry entries to execute code on windows startup and performs the execution of newly downloaded files or existing files.

Common Detection Names

Microsoft/Symantec - Trojan.Dropper

Kaspersky - Trojan-Downloader.Win32.VB.hxz

Sophos - Mal/Generic-A

Eset - Win32/FlyStudio

How it Workse

Win32/FlyStudio creates a sub-folder named 306a39 or dd33d3 or de08b0 inside the windows\system32 folder and copies several files with the following names; com.run, internet.fne, dp1.fne, krnln.fnr, eapi.fne, 00c3ac.exe, 394d.edt, etc.

Apart from copying itself in the windows\system32 folder it deletes some of the files present in user_profile\local settings\temporary internet files\content.ie5 folder.

It also does some registry changes like adding a new entry or modifying the existing entry in the system registry. It modifies the following registry entries.

%path1% = hkey_users\s-1-5-21-1202660629-602609370-839522115-500\software\microsoft\windows\currentversion\explorer\mountpoints2

%path1%\a\ : baseclass =drive

%path1%\c\ : baseclass =drive

%path1%\d\ : baseclass =drive

%path1%\e\ : baseclass =drive

Removal Instructions

You can’t remove the Win32/FlyStudio Trojan manually, but you can always perform some steps to ensure that this Trojan doesn’t cause much harm to your system when its presence has been detected. First of all, scan all the open ports on your computer system using a port scanner available on the internet. Next, scan your system using Trojan Remover. Trojan Remover is very effective and easy to use software that will correct all the changes made by a Trojan. Finally, you must perform a full scan of your computer system to ensure that no pieces of the Trojan are left.

Also, you must disable system restore feature if your computer system has been infected by a virus, a worm or a Trojan.

Next Article »
We Also Recommend...
 
blog comments powered by Disqus
Computer Security
FEATURED AUTHORS
Mccordrm Michael Guerrero DavidK Steve McFarlane
Steven Bowcut, CPP R.L. Flowers KateG Radell Hunter
Most Popular Articles
Email to a friend