TrendLabs Malware Blog
Glossary
TrendWatch
TrendLabs Twitter
TROJ_VIDRO.AA
Overview
Solution

Malware type: Trojan

Aliases: No Alias Found

In the wild: Yes

Destructive: No

Language: English

Platform: Windows 98, ME, NT, 2000, XP, Server 2003

Encrypted: No

Overall risk rating:

Reported infections:

Damage potential:

 Medium

Distribution potential:

 Low

Description: 

This Trojan has received attention from independent media sources and/or other security firms.

To get a one-glance comprehensive view of the behavior of this malware, refer to the Threat Diagram shown below.

TROJ_VIDRO.AA Behavior Diagram

Malware Overview

This Trojan may be downloaded from remote sites by other malware. It may be dropped by other malware.

It is capable of injecting itself into the legitimate process, EXPLORER.EXE, to prevent itself from getting terminated easily.

It checks if the running process is the default browser or KERNEL32.DLL. It does this by looking at a certain registry key. It then attempts to send an HTTP GET request from the following URL:

  • http://{BLOCKED}.{BLOCKED}.113.29/stats.php?head=0&state=240&len=0

As of this writing, however, the said URL is inaccessible.

For additional information about this threat, see:
Solution
Technical Details

Description created: Oct. 28, 2009 3:18:27 AM GMT -0800

Search a new malware

Tell us how we did. Take our quick survey.