Downloader-BBH

Type: Trojan
SubType: Downloader
Discovery Date: 03/28/2007
Length: may vary
Minimum DAT: 4995 (03/29/2007)
Updated DAT: 4995 (03/29/2007)
Minimum Engine: 5.1.00
Description Added: 03/28/2007
Description Modified: 03/28/2007 8:24 PM (PT)

Risk Assessment
Corporate User: Low
Home User: Low

Characteristics

This downloader trojan attempts to connect to a remote website to download an executable file, which is then automatically run on the infected machine. The trojan has been observed being downloaded by a variant of the Exploit-ANIfile.c trojan.

Upon execution, the trojan creates and writes into the memory of the iexplore.exe process.

iexplore.exe then starts to download other backdoor trojans from:

    • hxxp://220.71.76.189[REMOVED]

 

Symptoms

Network connections to 220.71.76.189

Method of Infection

This trojan has been observed being downloaded by a variant of the Exploit-ANIfile.c trojan.

In general, the purpose of this trojan is simply to download a file from the Internet and execute it. It does not self-replicate. Downloader trojans are frequently sent in spammed emails designed to entice the recipient into running the file. Other likely distribution channels for this trojan include IRC, peer-to-peer file-sharing networks, attachments in newsgroup postings, etc. Trojans may also be received as a result of poor security practices (weak username/password combinations on open shares, missing or misconfigured firewall protection) or unpatched and vulnerable systems.

 

Removal

AVERT recommends always using the latest DATs and engine. This threat will be cleaned if you have this combination.

Additional Windows ME/XP removal considerations

Variants

    N/A

Aliases

  • Trojan.DownLoader.19753 (Doctor Web)
