Malware type: Trojan

Aliases: Trojan.Vundo(Symantec), Troj/Virtum-Gen(Sophos), PAK:PE_Patch.PECompact(Kaspersky), ADSPY/Virtumon.v.17(Avira), W32/Trojan2.SUB (exact)(F-Prot), Vundo(McAfee)

In the wild: Yes

Destructive: No

Language: English

Platform: Windows NT, 2000, XP, Server 2003

Encrypted: No

Description: 

This Trojan is a .DLL file which arrives on a system either as a dropped file of other malware, or as a downloaded file from the Internet.

It injects itself into the WINLOGON.EXE process. It does the said routine as part of its memory-residency. It also registers itself as a Browser Helper Object (BHO) to ensure its automatic execution every time Internet Explorer is run.

For additional information about this threat, see:
Solution
Technical Details
Statistics

Description created: Jun. 4, 2007 3:57:23 PM GMT -0800

Search a new malware

Tell us how we did. Take our quick survey.