Downloader-AWV

Type: Trojan
SubType: Downloader
Discovery Date: 06/14/2006
Length: 3,584
Minimum DAT: 4784 (06/14/2006)
Updated DAT: 4784 (06/14/2006)
Minimum Engine: 5.1.00
Description Added: 06/14/2006
Description Modified: 06/14/2006 11:22 PM (PT)

Risk Assessment
Corporate User: Low
Home User: Low

Characteristics

Downloaders are designed to pull files from a remote website and execute the files that have been downloaded.

Upon execution, the trojan runs iexplore.exe and injects a thread into the process. The injected thread attempts to download a file from the following URL and save it to c:\temp.exe.

  • 210.[removed]:7090

The trojan also creates the following file.

  • C:\bool.ini (0 byte)
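The two host artifacts and the outbound download behaviour above are what a responder would check for. As an added example (not McAfee's code), the following script tests a drive root for the advisory's file indicators and scans constructed connection-log lines for iexplore.exe reaching port 7090; the log format and the sample addresses are assumptions, and the redacted download address from the advisory is not filled in.

```python
# Added example, not from the advisory: host checks for the two file
# indicators it names and a scan of constructed connection-log lines for
# the download behaviour it describes (iexplore.exe connecting to port 7090).
import os
import tempfile
from typing import Dict, List

# File indicators quoted from the advisory, relative to the system drive root.
INDICATOR_FILES = {
    "bool.ini": 0,      # created as a 0-byte file
    "temp.exe": None,   # downloaded payload; size not stated, any size counts
}
DOWNLOAD_PORT = 7090    # port of the redacted download URL in the advisory


def check_files(drive_root: str) -> Dict[str, bool]:
    """Return which advisory file indicators exist under drive_root.

    bool.ini only counts when it is empty, matching the '0 byte' note;
    temp.exe counts whenever present. drive_root stands in for C:\\.
    """
    hits = {}
    for name, expected_size in INDICATOR_FILES.items():
        path = os.path.join(drive_root, name)
        present = os.path.isfile(path)
        if present and expected_size is not None:
            present = os.path.getsize(path) == expected_size
        hits[name] = present
    return hits


def flag_connections(log_lines: List[str]) -> List[str]:
    """Return log lines where iexplore.exe reaches the download port.

    Assumed (hypothetical) log format: 'process dst_ip:dst_port'.
    """
    flagged = []
    for line in log_lines:
        process, _, dest = line.strip().partition(" ")
        _, _, port = dest.rpartition(":")
        if process.lower() == "iexplore.exe" and port == str(DOWNLOAD_PORT):
            flagged.append(line.strip())
    return flagged


def demo() -> Dict[str, object]:
    """Build a throwaway drive root containing both indicators and scan it."""
    root = tempfile.mkdtemp()
    open(os.path.join(root, "bool.ini"), "wb").close()          # 0 bytes
    with open(os.path.join(root, "temp.exe"), "wb") as f:
        f.write(b"MZ")                                           # stub payload
    sample_log = [                      # constructed sample, not real traffic
        "iexplore.exe 192.0.2.10:80",
        "iexplore.exe 192.0.2.77:7090",
        "outlook.exe 192.0.2.77:7090",
    ]
    return {"files": check_files(root), "connections": flag_connections(sample_log)}
```

On a real host the drive root would be the system drive and the log lines would come from a proxy, firewall or endpoint sensor; a hit on either check is a reason to run a full scan with current engine and DAT files.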

Symptoms

  • Presence of aforementioned files.

Method of Infection

N/A. Downloaders are not viruses, and as such do not themselves contain any method to replicate. However they may themselves be downloaded by other viruses and/or Trojans to be installed on the user's system.

Many of these additionally are mass spammed by the author to entice people into double-clicking on them.

Alternatively they may be installed by visiting a malicious web page (either by clicking on a link, or by the website hosting a scripted exploit which installs the Downloader onto the user's system with no user interaction).

Removal

All Users:
Use current engine and DAT files for detection and removal.

Modifications made to the system Registry and/or INI files for the purposes of hooking system startup will be successfully removed if cleaning with the recommended engine and DAT combination (or higher).

Additional Windows ME/XP removal considerations

Variants

N/A

Overview

Downloader serves as a downloading/updating component for other malicious files. Generally it makes internet connections without the user's knowledge.
