Description: Downloader serves as a downloading/updating component for other malicious files. Generally it makes Internet connections without the user's knowledge and downloads malicious content.

Aliases:
- TROJ_YABE.AE (Trend Micro)
- Trojan-Downloader.Win32.Nurech.c (Kaspersky)

Characteristics: When executed, the trojan creates copies of itself on the victim's system and configures itself to load at system startup as well.

Symptoms: It creates the following network connection:
- upnp.exe server:zxcvz.com port:80

When executed, the trojan creates copies of itself as below:
- %SYSTEMDIR%\upnp.exe ( 11109 bytes )
- c:\documents and settings\%USER%\local settings\temporary internet files\content.ie5\ktx34vgq\c[1].php ( 91408 bytes )

Registry keys are also created and/or modified as follows:
- hkey_current_user\software\unker
- hkey_current_user\software\unker\rechnung
- hkey_current_user\software\unker\upnp
- hkey_local_machine\software\microsoft\windows\currentversion\run\np="%SYSTEMDIR%\upnp.exe"

Method of Infection: N/A. Downloaders are not viruses, and as such do not themselves contain any method to replicate. However, they may themselves be downloaded by other viruses and/or Trojans to be installed on the user's system. Many of these are additionally mass-spammed by the author to entice people into double-clicking on them. Alternatively, they may be installed by visiting a malicious web page (either by clicking on a link, or by the website hosting a scripted exploit which installs the Downloader onto the user's system with no user interaction).

Removal: All Users: Use current engine and DAT files for detection and removal.
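The following host check for the indicators listed above is an added example, not part of the vendor description. It assumes Windows PowerShell 5.1 or later with the NetTCPIP module, an elevated session (to read HKLM and process owners reliably), and only reports matches; it removes nothing, and the Run value name `np` is taken exactly as the page lists it.

```powershell
# Added example: report the file, registry and network indicators this description lists.
# Assumptions: Windows PowerShell 5.1+, NetTCPIP module available, elevated session.
$findings = @()

# 1. Dropped copy: %SYSTEMDIR%\upnp.exe (page lists it at 11109 bytes)
$dropped = Join-Path ([Environment]::GetFolderPath('System')) 'upnp.exe'
if (Test-Path -LiteralPath $dropped) {
    $size = (Get-Item -LiteralPath $dropped).Length
    $findings += "File present: $dropped ($size bytes)"
}

# 2. Startup persistence: HKLM\...\Run value 'np' pointing at upnp.exe
$runKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
$np = Get-ItemProperty -Path $runKey -Name 'np' -ErrorAction SilentlyContinue
if ($np -and $np.np -match 'upnp\.exe') {
    $findings += "Run value 'np' -> $($np.np)"
}

# 3. Marker keys the trojan creates under HKCU\Software\unker
$markerKeys = @(
    'HKCU:\Software\unker',
    'HKCU:\Software\unker\rechnung',
    'HKCU:\Software\unker\upnp'
)
foreach ($k in $markerKeys) {
    if (Test-Path -LiteralPath $k) { $findings += "Registry key present: $k" }
}

# 4. Live outbound connection on port 80 owned by a process named upnp.exe
#    (the page names zxcvz.com; the remote address is reported, not resolved,
#    so this check makes no network requests of its own)
$conns = Get-NetTCPConnection -RemotePort 80 -State Established -ErrorAction SilentlyContinue
foreach ($c in $conns) {
    $proc = Get-Process -Id $c.OwningProcess -ErrorAction SilentlyContinue
    if ($proc -and $proc.ProcessName -ieq 'upnp') {
        $findings += "upnp.exe connection: $($c.RemoteAddress):$($c.RemotePort) (PID $($c.OwningProcess))"
    }
}

if ($findings.Count -eq 0) { 'No Nurech/YABE indicators found.' } else { $findings }
```

A hit on item 2 or 3 alone is worth triaging even if the file is gone, since the Run value and marker keys outlive a deleted binary; clean-up itself should still go through current engine and DAT files as the Removal section states.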