[INFO]
AnalystName=RAJA BABU .A
AnalystEMailID=rajababua@comodo.com
Team=India
Date=12-MAR-2010
Type=TrojWare
Platform=Win32
Subtype=
Family=Koblu
Variant= 

[OVERVIEW]
	This is a Coolezweb application which may occupy system resources and slow down computers. It may frequently shows pop-up advertising messages to interrupt the computer users,
And also it will download additional malware.

[TECHNICAL_DESCRIPTION]
Registry Values added:
	HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\BuildW: "<Randomly generated string>"
	HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\ud64: "<Randomly generated string>"
File Created:
	%system%\comsa32.sys
	%temp%\mpj<Random Number>.dll(copy of urlmon.dll)

[SYMPTOMS]
The presence of the following registry key:
	HKLM\Software\Microsoft\WBEM\BuildW
	HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\ud64

[DISINFECTION]
Delete the following files:
	%system%\comsa32.sys
	%temp%\mpj<Random Number>.dll
Delete the following registry keys
	HKLM\Software\Microsoft\WBEM\BuildW
	HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\ud64