MultiDropper-QS

This page shows details and results of our analysis on the malware MultiDropper-QS

Download Current DAT: 6618

Threat Detail

Malware Type: Trojan

Malware Sub-type: Dropper

Discovery Date: 2006-06-01

Next Steps:

Overview
Characteristics
Symptoms
Method of Infection
Removal

Overview

This is a multidropper which is intended to drop and execute 2 trojans on the target machine.

Minimum DAT

4775 (2006-06-01)

Updated DAT

4857 (2006-09-21)

Minimum Engine

5.1.00

File Length

N/A

Description Added

2006-06-01

Description Modified

2006-06-15

Malware Proliferation

Characteristics

Upon execution the sample drops geebx.dll (file size 38925 bytes) and drz.exe (file size 19848 bytes). These two files are already detected by McAfee as "Vundo" and "DollarRevenue" respectively. drz.exe file is responsible for the further download of trojan and adware samples on the user's system.

System Changes

This trojan drops the following files in "%SystemDir%" folder.

%SystemDir%\drz.exe - DollarRevenue
%SystemDir%\geebx.dll - Vundo

Symptoms

Dropped files on the target machine as mentioned.

Method of Infection

This multidropper trojan serves only to drop and execute other files on the target system. It does not self-replicate. Likely distribution channels for this trojan include via IRC, via peer-to-peer file-sharing networks, as an attachment in newsgroup postings or email, etc. The file is likely to be named in order to entice the victim to run it.

Trojans may also be received as a result of poor security practices (weak username/password combination on open shares, lack of/or misconfigured firewall protection), or unpatched and vulnerable systems.

Removal

A combination of the latest DATs and the Engine will be able to detect and remove this threat. AVERT recommends users not to trust seemingly familiar or safe file icons, particularly when received via P2P clients, IRC, email or other media where users can share files.