Content

Generic Downloader.z

Type
Trojan
SubType
Script
Discovery Date
03/30/2005
Length
Varies
Minimum DAT
4458 (03/30/2005)
Updated DAT
5919 (03/13/2010)
Minimum Engine
5.4.00
Description Added
03/30/2005
Description Modified
03/11/2010 1:06 PM (PT)
Risk Assessment
Corporate User
Low-Profiled
Home User
Low-Profiled

Tab Navigation

Characteristics

-- Update March 11, 2010 --

The risk assessment of this threat has been updated to Low-Profiled due to media attention at:
http://www.theregister.co.uk/2010/03/11/playstation_emulator_malware/
--

A new variant of this thread have been discovered which tries to disguise itself as a bogus Playstation emulator.

This variant post sensitive information from the infected machine to several websites, and download and install more malicious files. All files downloaded by this program are already detected as FakeAlert-MA.gen

Upon execution, this malware shows the following behavior:

Tries to connect to the websites below to post data and request files to download:

  • angel[removed]arts.com
  • super[removed]media.com
  • best[removed]arts.com
  • dogart[removed].com
  • dancearts[removed].com
  • art[removed]world.com

Add the following key to registry:

  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RFC1156Agent\CurrentVersion\Parameters\TrapPollTimeMilliSecs = 0x3A98

Delete itself from disk

--

This is a generic detection for Downloader trojans.

For further information, please refer to the Generic Downloader description.

Symptoms

Method of Infection

Removal

All Users:
Use current engine and DAT files for detection and removal.

Modifications made to the system Registry and/or INI files for the purposes of hooking system startup, will be successfully removed if cleaning with the recommended engine and DAT combination (or higher).

Additional Windows ME/XP removal considerations

Variants

Variants

    N/A

All Information

Overview -

This is a trojan detection. Unlike viruses, trojans do not self-replicate. They are spread manually, often under the premise that they are beneficial or wanted. The most common installation methods involve system or security exploitation, and unsuspecting users manually executing unknown programs. Distribution channels include email, malicious or hacked web pages, Internet Relay Chat (IRC), peer-to-peer networks, etc.

Characteristics

Characteristics -

-- Update March 11, 2010 --

The risk assessment of this threat has been updated to Low-Profiled due to media attention at:
http://www.theregister.co.uk/2010/03/11/playstation_emulator_malware/
--

A new variant of this thread have been discovered which tries to disguise itself as a bogus Playstation emulator.

This variant post sensitive information from the infected machine to several websites, and download and install more malicious files. All files downloaded by this program are already detected as FakeAlert-MA.gen

Upon execution, this malware shows the following behavior:

Tries to connect to the websites below to post data and request files to download:

  • angel[removed]arts.com
  • super[removed]media.com
  • best[removed]arts.com
  • dogart[removed].com
  • dancearts[removed].com
  • art[removed]world.com

Add the following key to registry:

  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RFC1156Agent\CurrentVersion\Parameters\TrapPollTimeMilliSecs = 0x3A98

Delete itself from disk

--

This is a generic detection for Downloader trojans.

For further information, please refer to the Generic Downloader description.

Symptoms

Symptoms -

Method of Infection

Method of Infection -

Removal -

Removal -

All Users:
Use current engine and DAT files for detection and removal.

Modifications made to the system Registry and/or INI files for the purposes of hooking system startup, will be successfully removed if cleaning with the recommended engine and DAT combination (or higher).

Additional Windows ME/XP removal considerations

Variants

Variants -

    N/A