Content
Downloader-AVY
- Type
- Trojan
- SubType
- Downloader
- Discovery Date
- 05/03/2006
- Length
- 445 bytes
- Minimum DAT
- 4754 (05/03/2006)
- Updated DAT
- 6340 (05/08/2011)
- Minimum Engine
- 5.1.00
- Description Added
- 05/03/2006
- Description Modified
- 07/02/2006 4:36 AM (PT)
Tab Navigation
Characteristics
This trojan shows following characteristics:
- connects to remote sites without user's permission.
- downloads and stores malicious content on user's system.
Symptoms
Symptoms are as follows:
Presence of files mentioned below in %windows%\sytem32 folder.
File: ipudpb2.sys
Hash: bed399d56b82369eb7fb95caad16de04
File: wndtx1.dll
Hash: 14ab6317620fb234c436f8114fab7f26
Method of Infection
Installation:
File: Install.exe
Hash: 601b43c39f726d975f035cc98c146f99
This trojan may have any of the standard icon like Microsoft Word Document or JPEG Image.
Upon execution, trojan connects to malicious sites like www .ed[removed].com and www.gob[removed].gov.com downloads following files to %windows%\sytem32 folder.
File: ipudpb2.sys
Hash: bed399d56b82369eb7fb95caad16de04
Detected by McAfee as: BackDoor-BAC.sys (Remote Access trojan).
File: wndtx1.dll
Hash: 14ab6317620fb234c436f8114fab7f26
Detected by McAfee as: PWS-Goldun (Password Stealer trojan).
This is not a virus and do not contain any method to replicate. However this file may be downloaded by other viruses and/or Trojans to be installed on the user's system.
Removal
A combination of the latest DATs and the Engine will be able to detect and remove this threat. AVERT recommends users not to trust seemingly familiar or safe file icons, particularly when received via P2P clients, IRC, email or other media where users can share files.
Variants
Variants
N/A
All Information
Overview -
This trojan establishes internet connection with the remote website without user's knowledge and downloads the malicious content into the user system.
Aliases
- Trojan-Downloader.Win32.Small.ctj (Kaspersky Lab)
- TrojanDownloader:Win32/Small!1B60 (Microsoft MP)
Characteristics
Characteristics -
This trojan shows following characteristics:
- connects to remote sites without user's permission.
- downloads and stores malicious content on user's system.
Symptoms
Symptoms -
Symptoms are as follows:
Presence of files mentioned below in %windows%\sytem32 folder.
File: ipudpb2.sys
Hash: bed399d56b82369eb7fb95caad16de04
File: wndtx1.dll
Hash: 14ab6317620fb234c436f8114fab7f26
Method of Infection
Method of Infection -
Installation:
File: Install.exe
Hash: 601b43c39f726d975f035cc98c146f99
This trojan may have any of the standard icon like Microsoft Word Document or JPEG Image.
Upon execution, trojan connects to malicious sites like www .ed[removed].com and www.gob[removed].gov.com downloads following files to %windows%\sytem32 folder.
File: ipudpb2.sys
Hash: bed399d56b82369eb7fb95caad16de04
Detected by McAfee as: BackDoor-BAC.sys (Remote Access trojan).
File: wndtx1.dll
Hash: 14ab6317620fb234c436f8114fab7f26
Detected by McAfee as: PWS-Goldun (Password Stealer trojan).
This is not a virus and do not contain any method to replicate. However this file may be downloaded by other viruses and/or Trojans to be installed on the user's system.
Removal -
Removal -
A combination of the latest DATs and the Engine will be able to detect and remove this threat. AVERT recommends users not to trust seemingly familiar or safe file icons, particularly when received via P2P clients, IRC, email or other media where users can share files.
Variants
Variants -
N/A