BackDoor-DKI.dldr

Type: Trojan
SubType: Downloader
Discovery Date: 12/18/2006
Length: Varies
Minimum DAT: 4921 (12/18/2006)
Updated DAT: 5392 (09/25/2008)
Minimum Engine: 5.1.00
Description Added: 12/18/2006
Description Modified: 04/06/2007 7:45 AM (PT)
Risk Assessment:
  Corporate User: Low
  Home User: Low

Characteristics

--- Update: April 6, 2007 ---

Upon execution, the trojan injects code into the Internet Explorer process. The injected code attempts to download the BackDoor-DKI trojan from the following URL:

  • http ://www.maritimesquare.com/[removed]/kz.exe (Detected with DAT 5003)

Symptoms

  • Existence of the file mentioned above

Method of Infection

It has been observed being dropped by Exploit-TaroDrop, which exploits a vulnerability in Ichitaro Document Viewer.

Removal

AVERT recommends always using the latest DATs and engine. This threat will be cleaned if you have this combination.

Variants

    N/A

Overview

--- Update: April 6, 2007 ---

The most recent variant of BackDoor-DKI.dldr is dropped by the Exploit-TaroDrop trojan, which exploits a zero-day vulnerability in Ichitaro Document Viewer.

The trojan "BackDoor-DKI.dldr" is designed to download the "BackDoor-DKI" trojan.
