What is Win32 FlyStudio?

written by: Bill Bunter • edited by: J. F. Amprimoz • updated: 6/7/2010

FlyStudio is a Trojan horse that modifies your internet browser's settings to redirect you to other websites. Read this article to find out more about it.



    Win32/FlyStudio

    Win32/FlyStudio is not a virus but a Trojan. A Trojan doesn’t replicate itself; it spreads only when the circumstances are beneficial. Trojans are also called backdoors, which means the information stolen from a computer system is sent back to the intruder. Generally, Trojans are executable files which, when executed, open a port on the infected computer system, collect information and send it back to the intruder.


    Risk Assessment

    Home Users – LOW

    Corporate Users – LOW


    Trojan Characteristics

    Filename: e25328.exe

    Type: Trojan

    Detection: FlyStudio

    Length: 1.5 Mb



    Win32/FlyStudio enumerates the processes running on the system and uses the processes’ memory to execute its malicious code. It also creates some executable files inside the Windows folder. In addition, it modifies and creates registry entries so that code executes on Windows startup, and it executes newly downloaded or existing files.


    Common Detection Names

    Microsoft/Symantec - Trojan.Dropper

    Kaspersky - Trojan-Downloader.Win32.VB.hxz

    Sophos - Mal/Generic-A

    Eset - Win32/FlyStudio


    How it Works

    Win32/FlyStudio creates a sub-folder named 306a39, dd33d3 or de08b0 inside the windows\system32 folder and copies several files with the following names: internet.fne, dp1.fne, krnln.fnr, eapi.fne, 00c3ac.exe, 394d.edt, etc.

    Apart from copying itself into the windows\system32 folder, it deletes some of the files present in the user_profile\local settings\temporary internet files\content.ie5 folder.

    It also changes the system registry, adding new entries or modifying existing ones. It modifies the following registry entries:

    %path1% = hkey_users\s-1-5-21-1202660629-602609370-839522115-500\software\microsoft\windows\currentversion\explorer\mountpoints2

    %path1%\a\ : baseclass =drive

    %path1%\c\ : baseclass =drive

    %path1%\d\ : baseclass =drive

    %path1%\e\ : baseclass =drive
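The folder and file names listed above can be turned into a quick triage sweep. The script below is an added example, not part of the original article or of any vendor tool: it assumes the listed files sit inside sub-folders of the directory it is given, and the function name `sweep` and the "high"/"medium" scoring are hypothetical choices made for illustration. The sample tree is constructed.

```python
import os
import tempfile

# Indicators copied from the article: sub-folder names and dropped file names.
SUBFOLDERS = {"306a39", "dd33d3", "de08b0"}
DROPPED = {"internet.fne", "dp1.fne", "krnln.fnr", "eapi.fne",
           "00c3ac.exe", "394d.edt"}

def sweep(system32):
    """Check each direct sub-folder of `system32` against the indicators.

    Returns one dict per suspicious folder. Names are compared in lower
    case because Windows file systems are case-insensitive.
    """
    findings = []
    try:
        entries = sorted(os.scandir(system32), key=lambda e: e.name.lower())
    except OSError:          # path missing or not readable
        return findings
    for entry in entries:
        if not entry.is_dir(follow_symlinks=False):
            continue
        try:
            names = {n.lower() for n in os.listdir(entry.path)}
        except OSError:      # folder exists but cannot be listed
            names = set()
        files = sorted(names & DROPPED)
        name_hit = entry.name.lower() in SUBFOLDERS
        if not (name_hit or files):
            continue
        # Triage rule (assumption, not from the article): folder name plus
        # at least one listed file is "high"; either one alone is "medium".
        confidence = "high" if name_hit and files else "medium"
        findings.append({"folder": entry.path, "name_match": name_hit,
                         "files": files, "confidence": confidence})
    return findings

if __name__ == "__main__":
    # Constructed sample tree standing in for windows\system32.
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "306a39"))
        for n in ("krnln.fnr", "Internet.fne", "notes.txt"):
            open(os.path.join(root, "306a39", n), "w").close()
        os.makedirs(os.path.join(root, "drivers"))
        for f in sweep(root):
            print(f["confidence"], f["folder"], f["files"])
```

Because the article's file list ends in "etc.", an empty result from this sweep does not rule out infection; treat hits as leads for a full scan.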


    Removal Instructions

    You can’t remove the Win32/FlyStudio Trojan manually, but you can always perform some steps to ensure that this Trojan doesn’t cause much harm to your system once its presence has been detected. First of all, scan all the open ports on your computer system using a port scanner available on the internet. Next, scan your system using Trojan Remover. Trojan Remover is a very effective and easy-to-use program that will correct all the changes made by a Trojan. Finally, you must perform a full scan of your computer system to ensure that no pieces of the Trojan are left.

    Also, you must disable the system restore feature if your computer system has been infected by a virus, a worm or a Trojan.
