Overview
This is a trojan detection. Unlike viruses, trojans do not self-replicate. They are spread manually, often under the premise that they are beneficial or wanted. The most common installation methods involve system or security exploitation, and unsuspecting users manually executing unknown programs. Distribution channels include email, malicious or hacked web pages, Internet Relay Chat (IRC), peer-to-peer networks, etc.
|
Minimum DAT
5643 (2009-06-11) Updated DAT5761 (2009-10-04) |
Minimum Engine
5.2.00 File LengthVaries |
Description Added
2009-06-11 Description Modified2009-06-11 |
Malware Proliferation
Characteristics
== Update 11 June 2009 ==
This Trojan is dropped by W32/Generic.worm.i. When run, it places a copy of itself into %WINDIR%\Temp (where %WINDIR% is usually C:\Windows) with a random filename with a .tmp extension.
Symptoms
- Presence suspicious files in the %WINDIR%\Temp folder
Method of Infection
User interaction is required to execute this Trojan. Otherwise this Trojan could be run by W32/Generic.worm.i.
Removal
All Users:
Use current engine and DAT files for detection and removal.
Modifications made to the system Registry and/or INI files for the purposes of hooking system startup, will be successfully removed if cleaning with the recommended engine and DAT combination (or higher).
Variants