
System Infected: Trojan.Dirtjump

Severity: High

This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.

Description

This signature detects Trojan.Dirtjump activity on a compromised machine.

Additional Information

The Trojan may arrive on the computer as a file with any of the following names:

%System%\drivers\Svgtook.exe
%System%\drivers\Login549.exe
%System%\drivers\Svcgoit.exe

It then creates the following file:

%Windir%\keys.ini

The Trojan also creates the following registry subkeys:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\[THREAT FILE NAME]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_[THREAT FILE NAME]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\[THREAT FILE NAME]
The Trojan then connects to a predetermined command and control server and downloads a list of URLs.
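The following PowerShell script is an added example, not part of the Symantec write-up, that checks a Windows host for the host-based artifacts listed above (the three dropped executables, keys.ini, and the registry subkeys). It assumes that [THREAT FILE NAME] in the registry paths is the base name of the dropped executable without the .exe extension, that %System% resolves to System32 and %Windir% to $env:windir, and that it is run from an elevated session, since the Enum\Root keys are not readable by standard users. It is read-only and reports findings without removing anything.

```powershell
# Added example: audit a host for the Trojan.Dirtjump artifacts named in the signature.
# Assumption: [THREAT FILE NAME] is the dropped file's base name (no extension).
# Run from an elevated PowerShell session so HKLM\...\Enum\Root is readable.

$threatNames = @('Svgtook', 'Login549', 'Svcgoit')
$findings    = New-Object System.Collections.Generic.List[object]

function Add-Finding([string]$Type, [string]$Indicator, [string]$Note) {
    $findings.Add([pscustomobject]@{ Type = $Type; Indicator = $Indicator; Note = $Note })
}

# 1. Dropped executables under %System%\drivers
$driversDir = Join-Path $env:SystemRoot 'System32\drivers'
foreach ($name in $threatNames) {
    $path = Join-Path $driversDir "$name.exe"
    if (Test-Path -LiteralPath $path) {
        $hash = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
        Add-Finding 'File' $path "SHA256=$hash"
    }
}

# 2. %Windir%\keys.ini created by the Trojan
$keysIni = Join-Path $env:windir 'keys.ini'
if (Test-Path -LiteralPath $keysIni) {
    $mtime = (Get-Item -LiteralPath $keysIni).LastWriteTimeUtc
    Add-Finding 'File' $keysIni "LastWriteUtc=$mtime"
}

# 3. Registry subkeys listed in the signature, expanded for each known file name
foreach ($name in $threatNames) {
    $regKeys = @(
        "HKLM:\SYSTEM\CurrentControlSet\Enum\Root\$name",
        "HKLM:\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_$name",
        "HKLM:\SYSTEM\CurrentControlSet\Services\$name"
    )
    foreach ($key in $regKeys) {
        if (Test-Path -LiteralPath $key) {
            $imagePath = (Get-ItemProperty -LiteralPath $key -ErrorAction SilentlyContinue).ImagePath
            Add-Finding 'Registry' $key "ImagePath=$imagePath"
        }
    }
}

# 4. Heuristic (assumption, not from the signature): the write-up says the Trojan may use
#    "any of" these names, so also list every .exe in the drivers directory for review.
#    Legitimate drivers are .sys files; an .exe here is unusual and worth a look.
Get-ChildItem -LiteralPath $driversDir -Filter '*.exe' -File -ErrorAction SilentlyContinue |
    Where-Object { $threatNames -notcontains $_.BaseName } |
    ForEach-Object { Add-Finding 'Review' $_.FullName 'Unexpected .exe in drivers directory' }

if ($findings.Count -eq 0) {
    Write-Output 'No Trojan.Dirtjump artifacts found.'
} else {
    $findings | Format-Table -AutoSize
}
```

Findings of type File or Registry match the signature's own indicators; Review entries are only a heuristic and must be checked against known-good software before acting on them. Because the command and control server address is not given in the write-up, network indicators are not covered here.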

Affected

  • Various Windows platforms
  • Twitter
  • Facebook
  • LinkedIn
  • Google+
  • YouTube