There are no common symptoms associated with this threat. Alert notifications from installed antivirus software may be the only symptoms.
Trojan:Win32/Waprox is a trojan that connects to certain servers to receive commands from a remote attacker.
What to do now
To detect and remove this threat and other malicious software that may be installed on your computer, run a full-system scan with an appropriate, up-to-date, security solution. The following Microsoft products detect and remove this threat:
where <malware file name> is constructed by concatenating and/or substituting strings from service names in your computer, for example:
For a service named "Microsoft Url History Service", Microsoft becomes MS. The resulting malware file name is then "MSUrlHistoryService.exe" or "MSUrlHistoryService.dll".
Trojan:Win32/Waprox creates the following registry entries so that it automatically runs every time Windows starts:
To subkey: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Sets value: "<malware file name>"
With data: ""%CommonProgramFiles%\<malware file name>\<malware file name>.exe" /<random parameter>" or "rundll32.exe "%CommonProgramFiles%\<malware file name>\<malware file name>.dll",<random parameter>"

To subkey: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Sets value: "MSUrlHistoryService"
With data: ""%CommonProgramFiles%\MSUrlHistoryService\MSUrlHistoryService.exe" /<random parameter>" or "rundll32.exe "%CommonProgramFiles%\MSUrlHistoryService\MSUrlHistoryService.dll",<random parameter>"
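A triage check for the Run-key layout described above, added here as an example (it is not Microsoft's detection logic): it flags entries whose value name, folder under %CommonProgramFiles% and file name are all identical, in either the EXE or the rundll32 form. The function names, the constructed sample entries and the acceptance of expanded "C:\Program Files\Common Files" paths are assumptions.

```python
import re

# Data layouts the write-up gives for the Run value: a quoted EXE plus "/param",
# or rundll32.exe with a quoted DLL followed by ",param".
EXE_FORM = re.compile(r'^"(?P<path>[^"]+\.exe)"\s+/\S+$', re.I)
DLL_FORM = re.compile(r'^rundll32(?:\.exe)?\s+"(?P<path>[^"]+\.dll)"\s*,\s*\S+$', re.I)
# Assumption: accept the unexpanded variable and the default expanded folders.
COMMON_FILES = re.compile(
    r'^(?:%CommonProgramFiles(?:\(x86\))?%'
    r'|[A-Z]:\\Program Files(?: \(x86\))?\\Common Files)\\', re.I)

def matches_waprox_layout(value_name, data):
    """True when value name == folder name == file stem under Common Files."""
    data = data.strip()
    m = EXE_FORM.match(data) or DLL_FORM.match(data)
    if not m:
        return False
    path = m.group("path")
    prefix = COMMON_FILES.match(path)
    if not prefix:
        return False
    parts = path[prefix.end():].split("\\")
    if len(parts) != 2:  # expect exactly <name>\<name>.<ext>
        return False
    folder, filename = parts
    stem = filename.rsplit(".", 1)[0]
    return folder.lower() == stem.lower() == value_name.lower()

def flag_entries(entries):
    """Return the value names of (name, data) pairs that fit the layout."""
    return [name for name, data in entries if matches_waprox_layout(name, data)]

# Constructed sample of HKLM ...\CurrentVersion\Run (name, data) pairs.
SAMPLE_RUN_ENTRIES = [
    ("MSUrlHistoryService",
     r'"%CommonProgramFiles%\MSUrlHistoryService\MSUrlHistoryService.exe" /k3q'),
    ("MSPrintHelper",
     r'rundll32.exe "C:\Program Files\Common Files\MSPrintHelper\MSPrintHelper.dll", Zq81'),
    ("VendorUpdater", r'"C:\Program Files\Vendor\Updater.exe" /background'),
    ("SyncAgent", r'"%CommonProgramFiles%\Vendor Shared\sync.exe" /tray'),
]

if __name__ == "__main__":
    for name in flag_entries(SAMPLE_RUN_ENTRIES):
        print("review Run value:", name)
```

The match is structural only, so a hit is a lead for review against the file on disk and an antivirus scan, not a verdict.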
Connects to a remote server
Trojan:Win32/Waprox connects to the following servers using either port 80 or 2222 to receive instructions from a remote attacker: