Downloader-BAY
- Type: Trojan
- SubType: Downloader
- Discovery Date: 03/15/2007
- Length:
- Minimum DAT: 4985 (03/15/2007)
- Updated DAT: 6546 (11/30/2011)
- Minimum Engine: 5.1.00
- Description Added: 03/15/2007
- Description Modified: 03/31/2007 6:07 AM (PT)
Characteristics
File: Install.exe
Hash: 3b2b1a9c364a8992683588eb9055c2ce
Upon execution, the trojan connects to the remote destination listed below.
- 58.211.[removed].41 setup4.[removed].com
Once the connection is established, an executable file named barsetup[1] is downloaded to the Temporary Internet Files folder. Detection for this file is covered under the "BackDoor-CVM" family.
Symptoms
The presence of an executable file named barsetup[1] in the Temporary Internet Files folder confirms the attack.
Method of Infection
N/A. Downloaders are not viruses, and as such do not themselves contain any method to replicate. However, they may themselves be downloaded by other viruses and/or Trojans and installed on the user's system.
Removal
A combination of the latest DATs and the Engine will be able to detect and remove this threat. AVERT recommends that users not trust seemingly familiar or safe file icons, particularly when received via P2P clients, IRC, email or other media where users can share files.
Variants
N/A
Overview
This is a trojan downloader designed to pull files from a remote website and execute them on the user's system.
Aliases
- TROJ_Generic (Trend Micro)
- Trojan-Downloader.Win32.QQHelper.tg (Kaspersky Lab)
- Trojan.DownLoader.18075 (Doctor Web)
- TrojanDownloader:Win32/Agentsmall.A (Microsoft MP)