Downloader-AZR

Type: Trojan
SubType: Downloader
Discovery Date: 12/06/2006
Length: 1,665 bytes
Minimum DAT: 4914 (12/08/2006)
Updated DAT: N/A
Minimum Engine: 5.1.00
Description Added: 12/08/2006
Description Modified: 12/08/2006 5:00 PM (PT)
Risk Assessment (Corporate User): Low
Risk Assessment (Home User): Low

Characteristics

When run, this trojan writes itself into the memory space of Explorer.exe in an attempt to bypass firewall programs. It then tries to download a file from a website at 218.147.97.51.

It does not copy itself locally or create any startup entries. Once a machine has been rebooted, the trojan will not start itself again automatically.

Symptoms

N/A

Method of Infection

Trojans do not self-replicate. They are spread manually, often under the premise that the executable is something beneficial. Distribution channels include IRC, peer-to-peer networks, drive-by downloads, newsgroup postings, etc.

Removal

All Users:
Use current engine and DAT files for detection and removal.

Modifications made to the system Registry and/or INI files for the purpose of hooking system startup will be successfully removed if cleaning with the recommended engine and DAT combination (or higher).

Variants

    N/A

Overview

Downloader-AZR serves as a downloading/updating component for other malicious files.
Downloader trojans make Internet connections without the user's knowledge and download malicious content.