Trojan.Milicenso is a harmful Trojan that attempts to connect to a remote server and download malicious files onto the infected computer. The Trojan also causes severe annoyances such as displaying excessive advertisements and redirecting the browser. Part of its payload is to send a massive number of print jobs if it detects that a printer is linked to the infected system.
When executed, Trojan.Milicenso creates various files in the system directory and edits the Windows registry to add the entries it needs to operate. It uses the same method to allow its traffic to pass through the Windows firewall.
Once loaded and running, the Trojan may communicate with a remote computer to download other files. It has been observed that the Trojan may pull down a configuration file for its update. This action may trigger other harmful actions by the Trojan.
There are several ways Trojan.Milicenso can enter your computer. It is spread as malicious email attachments that claim to be valuable material. Additionally, websites affected by drive-by downloads and fake video codecs likewise bring the Trojan onto victims' PCs.
Damage Level: Medium
Systems Affected: Windows 9x, 2000, XP, Vista, Windows 7
Manual Removal of Trojan.Milicenso:
1. Temporarily disable System Restore. This feature is active by default once Windows (XP/Vista/7) is installed on the computer.
2. Open your antivirus program and update the virus definitions. Refer to your antivirus manual on how to initiate an update. Most antivirus software provides a one-click process.
3. Restart Windows in Safe Mode.
– Turn off the computer. Then turn the power on and press F8 on your keyboard immediately after text appears on the screen.
– It will display a selection menu. Choose Safe Mode and press Enter. Most threats like Trojan.Milicenso will not load when you run Windows in this mode.
4. Once Windows starts in Safe Mode, run a full system scan and clean/delete all infected files. If the scanner cannot clean or delete a file, put the infected file into quarantine so that it remains inaccessible.
5. Reboot the computer and run another scan after Windows boots normally to make sure that Trojan.Milicenso is gone.
Online Virus Scanner:
Another way to remove a virus without installing an additional antivirus application is to perform a thorough scan with a free online virus scanner, which can be found on the websites of legitimate antivirus and security providers.
Technical Details and Additional Information:
Other functionalities of this Trojan:
– Accesses various URLs from which malicious files are pulled down.
Malicious Files Added by Trojan.Milicenso:
Associated Windows Registry Entries:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\Firewall Policy\StandardProfile\GloballyOpenPorts\List\"1900:TCP" = "1900:TCP:LocalSubNet:Enabled:UDP 1900"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\"2" = "[BINARY DATA]"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\"4" = "[BINARY DATA]"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\"2" = "[BINARY DATA]"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\"4" = "[BINARY DATA]"
HKEY_CURRENT_USER\Software\NKARYVBF\"Sg" = "[BINARY DATA]"
HKEY_CURRENT_USER\System\CurrentControlSet\"1" = "[RANDOM CHARACTERS]"
HKEY_CURRENT_USER\System\CurrentControlSet\"5" = "1"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ESENT\Process\FreeCodec_I\DEBUG\"Trace Level" = ""
HKEY_LOCAL_MACHINE\SOFTWARE\NKARYVBF\"Sg" = "[BINARY DATA]"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\"1" = "[RANDOM CHARACTERS]"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\"9" = "1"
HKEY_USERS\.DEFAULT\Software\NKARYVBF\"Sg" = "[BINARY DATA]"
HKEY_USERS\.DEFAULT\System\CurrentControlSet\"5" = "1"
… and many more similar entries.
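The registry entries listed above can be looked up without opening the registry editor. The following PowerShell script is an added example, not part of the original article; the function and variable names are hypothetical, and it only reads the registry.

```powershell
# Added example: read-only lookup of the registry values listed on this page.
# Function and variable names are hypothetical; nothing is changed or deleted.
function Find-MilicensoRegistryIndicator {
    $svc  = 'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters'
    $fw   = 'StandardProfile\GloballyOpenPorts\List'
    $inet = 'Microsoft\Windows\CurrentVersion\Internet Settings'

    # Each entry is (key path, value name), taken from the list on this page.
    # The firewall key is checked twice: as printed on the page
    # ("Firewall Policy") and as Windows normally spells it ("FirewallPolicy").
    $indicators = @(
        @("$svc\Firewall Policy\$fw", '1900:TCP'),
        @("$svc\FirewallPolicy\$fw", '1900:TCP'),
        @("HKEY_CURRENT_USER\Software\$inet", '2'),
        @("HKEY_CURRENT_USER\Software\$inet", '4'),
        @("HKEY_LOCAL_MACHINE\SOFTWARE\$inet", '2'),
        @("HKEY_LOCAL_MACHINE\SOFTWARE\$inet", '4'),
        @('HKEY_CURRENT_USER\Software\NKARYVBF', 'Sg'),
        @('HKEY_CURRENT_USER\System\CurrentControlSet', '1'),
        @('HKEY_CURRENT_USER\System\CurrentControlSet', '5'),
        @('HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ESENT\Process\FreeCodec_I\DEBUG', 'Trace Level'),
        @('HKEY_LOCAL_MACHINE\SOFTWARE\NKARYVBF', 'Sg'),
        @('HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet', '1'),
        @('HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet', '9'),
        @('HKEY_USERS\.DEFAULT\Software\NKARYVBF', 'Sg'),
        @('HKEY_USERS\.DEFAULT\System\CurrentControlSet', '5')
    )

    foreach ($entry in $indicators) {
        $path, $name = $entry
        # Registry:: lets the hive names be used exactly as written on the page.
        $key = Get-Item -LiteralPath "Registry::$path" -ErrorAction SilentlyContinue
        if ($key -and ($key.GetValueNames() -contains $name)) {
            # Report where the value was found and its registry data type.
            [pscustomobject]@{
                Key   = $path
                Value = $name
                Kind  = $key.GetValueKind($name)
            }
        }
    }
}

# An empty result means none of the listed values are present.
Find-MilicensoRegistryIndicator | Format-Table -AutoSize -Wrap
```

A match is a lead to follow up with the full scan described above, not proof of infection on its own. On 64-bit Windows, 32-bit programs write their HKEY_LOCAL_MACHINE\SOFTWARE entries under WOW6432Node, which this check does not cover.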