Cutwail.dll.gen

This page shows details and results of our analysis of the malware Cutwail.dll.gen.

Overview

Cutwail is a trojan capable of downloading and running arbitrary files on infected hosts. It can also drop a kernel rootkit component to hide its presence and activity.


Minimum DAT: 5375 (2008-09-02)
Updated DAT: 6000 (2010-06-01)
Minimum Engine: 5.2.00
File Length: N/A
Description Added: 2008-09-02
Description Modified: 2008-10-20

Malware Proliferation

Characteristics

This detection is for the DLL component of the Cutwail trojan, usually dropped in the %WINDIR%\System32 directory.

For a full description of the Cutwail trojan, please read the VIL here: http://vil.nai.com/vil/content/v_144515.htm

Symptoms

  • Unexpected HTTP connections
  • Presence of files and registry keys mentioned above

Method of Infection

Removal

All Users:
Use current engine and DAT files for detection and removal.

Modifications made to the system Registry and/or INI files for the purposes of hooking system startup will be successfully removed when cleaning with the recommended engine and DAT combination (or higher).

Variants