
Generic MultiDropper.n

Type: Trojan
SubType: Win32
Discovery Date: 07/24/2006
Length: Varies
Minimum DAT: 4813 (07/24/2006)
Updated DAT: 6423 (07/30/2011)
Minimum Engine: 5.1.00
Description Added: 07/24/2006
Description Modified: 03/06/2007 3:29 PM (PT)
Risk Assessment: Corporate User: Low; Home User: Low

Characteristics

Generic Multidropper.n is a generic detection, and as such this description is meant as a general guide. In this particular variant, it is used to drop and install a backdoor trojan.

Upon execution, the following file is dropped:

  • %SysDir%\xpdhcp.dll ( 41984 bytes )

This file is detected as BackDoor-DKH.

The following registry entry is created to set itself as a service:

  • hkey_local_machine\system\currentcontrolset\services\winxpdhcpsvc\displayname="WinXP DHCP Service"

Symptoms

Presence of the file and registry entry noted under Characteristics.
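
A host check for the two indicators above, as an added example that is not part of the original description. The file name, size, service key and display name come from the page; the function name and the extra SysWOW64 lookup are assumptions (on 64-bit Windows, a 32-bit process writing to %SysDir% is redirected to SysWOW64).

```powershell
# Added example: checks one host for the indicators listed in this description.
# Test-MultiDropperNIndicators is a hypothetical name, not a vendor tool.
function Test-MultiDropperNIndicators {
    [CmdletBinding()]
    param()

    # Indicator values taken from the description
    $fileName     = 'xpdhcp.dll'
    $expectedSize = 41984
    $serviceKey   = 'HKLM:\SYSTEM\CurrentControlSet\Services\winxpdhcpsvc'
    $expectedName = 'WinXP DHCP Service'

    # %SysDir% is System32; also look in SysWOW64 (assumption, see lead-in)
    $dirs = @("$env:SystemRoot\System32", "$env:SystemRoot\SysWOW64") |
        Where-Object { Test-Path -LiteralPath $_ }

    $files = foreach ($dir in $dirs) {
        $path = Join-Path $dir $fileName
        # -Force so hidden or system-flagged files are still returned
        $item = Get-Item -LiteralPath $path -Force -ErrorAction SilentlyContinue
        if ($item) {
            [pscustomobject]@{
                Path      = $item.FullName
                Length    = $item.Length
                # Generic detection: a different size does not clear the file
                SizeMatch = ($item.Length -eq $expectedSize)
                SHA256    = (Get-FileHash -LiteralPath $item.FullName -Algorithm SHA256).Hash
            }
        }
    }

    $keyExists = Test-Path -LiteralPath $serviceKey
    $svc = if ($keyExists) { Get-ItemProperty -LiteralPath $serviceKey -ErrorAction SilentlyContinue }

    [pscustomobject]@{
        ComputerName     = $env:COMPUTERNAME
        Files            = @($files)
        ServiceKeyExists = $keyExists
        DisplayName      = $svc.DisplayName
        DisplayNameMatch = ($svc.DisplayName -eq $expectedName)
        ImagePath        = $svc.ImagePath   # what the service actually loads
        Suspect          = ([bool]$files -or $keyExists)
    }
}

Test-MultiDropperNIndicators | Format-List
```

Run it from a 64-bit PowerShell session; in a 32-bit session both directory lookups resolve to SysWOW64.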

Method of Infection

This multidropper trojan serves only to drop and execute other files on the target system. It does not self-replicate. Likely distribution channels for this trojan include IRC, peer-to-peer file-sharing networks, and attachments in newsgroup postings or email. The file is likely to be named so as to entice the victim to run it (e.g. NEW_YEAR.EXE).

Trojans may also be received as a result of poor security practices (weak username/password combinations on open shares, missing or misconfigured firewall protection) or unpatched and vulnerable systems.

Removal

All Users:
Use current engine and DAT files for detection and removal.

Modifications made to the system Registry and/or INI files for the purpose of hooking system startup will be successfully removed when cleaning with the recommended engine and DAT combination (or higher).

Variants

    N/A

Overview

This is a description for the Generic Multidropper.n trojan detection. As with most multidropper trojans, the main focus of this trojan is to drop various Adware or malware files onto the infected system.
