Trojan:WinREG/Gowfi.A is part of Win32/Gowfi, a multi-component trojan family that attempts to redirect web browsing from certain sites to phishing web pages for the purpose of harvesting logon credentials. This malware adds five fake certificates to the Windows list of trusted root certification authorities.
This malware is installed by Win32/Gowfi.
When run, it attempts to disable User Account Control (UAC) on Windows Vista and Windows 7.
Adds fake certificates
Trojan:WinREG/Gowfi.A adds five fake CAs (Certificate Authorities) to the list of "Trusted Root Certification Authorities". The list includes fake certificates for the following web domains:
Below is a view of the added certificates:
Analysis by Chun Feng
There are no common symptoms associated with this threat. Alert notifications from installed antivirus software may be the only symptoms.
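Because the infection shows no visible symptoms, the two changes described above can be checked directly. The following PowerShell audit is an added example, not part of the original analysis: it reads the standard `EnableLUA` policy value and lists root-store certificates whose subject is a host name or that were issued recently. Both heuristics, the function names and the 30-day window are assumptions for illustration, not signatures for Win32/Gowfi.

```powershell
# Added example: audit for a disabled UAC and unexpected trusted root certificates.
# The heuristics below are assumptions; every hit needs manual review.

function Test-UacEnabled {
    # EnableLUA = 0 means UAC is turned off system-wide.
    # A missing value is treated as "enabled" here.
    $key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    $value = (Get-ItemProperty -Path $key -Name EnableLUA -ErrorAction SilentlyContinue).EnableLUA
    return ($value -ne 0)
}

function Get-SuspectRootCert {
    param(
        [string[]]$Store = @('Cert:\LocalMachine\Root', 'Cert:\CurrentUser\Root'),
        [int]$RecentDays = 30   # assumed review window
    )
    # Assumed pattern: a CN that is a DNS host name (for example www.example.com).
    # Legitimate root CAs are normally named after the authority, not a web site.
    $hostLike = '(^|, )CN=(\*\.)?([a-z0-9-]+\.)+[a-z]{2,}(,|$)'
    $cutoff = (Get-Date).AddDays(-$RecentDays)

    foreach ($path in $Store) {
        Get-ChildItem -Path $path | ForEach-Object {
            $reasons = @()
            if ($_.Subject -match $hostLike) { $reasons += 'subject is a host name' }
            if ($_.NotBefore -gt $cutoff)    { $reasons += 'recently issued' }
            if ($reasons.Count -gt 0) {
                [pscustomobject]@{
                    Store      = $path
                    Subject    = $_.Subject
                    Thumbprint = $_.Thumbprint
                    NotBefore  = $_.NotBefore
                    Reason     = $reasons -join '; '
                }
            }
        }
    }
}

if (-not (Test-UacEnabled)) {
    Write-Warning 'UAC is disabled (EnableLUA = 0).'
}
Get-SuspectRootCert | Format-Table -AutoSize -Wrap
```

Compare any flagged thumbprint against a known-good baseline of the root store before removing a certificate.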