Trojan.Drondog modifies '%System%\userinit.exe' and also disables hard disk monitoring programs. The Trojan also downloads additional threats form remote sites.
Files creting when the Trojan is executed.
1). %UserProfile%Local Settings\Temporary Internet Files\[RANDOM FILE NAME].exe
The trojan also creates a services named 'usbhdd',this service disables certain programs that monitor the changes of the hard disk.
The Trojan then searches for system file %System%\userinit.exe and overwrites the above file with malicious code that downloads other malware from the following remote site.
Systems Affected: All Windows
How to remove Trojan.Drondog ?