Description: This malware is a UPX-compressed, multi-threaded Trojan that, once activated, is able to carry out the following routines in the affected system:
- Reinstall itself in the infected system every five seconds
- Replace the Windows hosts file with a file downloaded from a remote site
- Download files from a remote site and execute them locally
- Download a file from a remote site and modify Internet Explorer’s Search Page and Homepage according to the downloaded file’s contents
- Download a list of file names from a remote site and, if one of the files in the list is in the Windows AutoStart registry key, delete that file and its corresponding registry entry
- Download a list of file names from a remote site and, if one of the files in the list is in the Windows AutoStart registry key, terminate it, delete it, and remove its corresponding autostart registry entry
- Connect to a particular URL
This malware works on Windows 95, 98, NT, 2000, ME and XP systems.
Note: This malware uses a bear as an icon and the file name JDBGMRG.EXE to fool users into thinking that it is the “JDBGMGR.EXE Hoax”.
Description created: Jan. 3, 2003 2:25:03 PM GMT -0800
Description updated: Jan. 3, 2003 2:26:59 PM GMT -0800