This is a trojan detection. Unlike viruses, trojans do not self-replicate. They are spread manually, often under the premise that they are beneficial or wanted. The most common installation methods involve system or security exploitation, and unsuspecting users manually executing unknown programs. Distribution channels include email, malicious or hacked web pages, Internet Relay Chat (IRC), peer-to-peer networks, etc.
4382 (2004-07-28)Updated DAT
6,656 bytes (UPX packed)
This detection is for a downloading trojan that serves only to download and execute a remote file.
Once executed, it installs itself on the victim machine using deceptive file and folder names:
The following Registry hooks are added:
After a delay, the following fake error message is displayed:
Upon clicking OK, the trojan attempts to download remote files.
See above. This downloader trojan serves to download and execute remote files.
This downloader trojan serves to download and execute remote files.
Use specified engine and DAT files for detection.
Modifications made to the system Registry and/or INI files for the purposes of hooking system startup, will be successfully removed if cleaning with the current engine and the specified DATs (or higher). Older engines may not be able to remove all registry keys created by this threat.