Malware type: Trojan

Aliases: No Alias Found

In the wild: Yes

Destructive: No

Language: English

Platform: Windows 98, ME, NT, 2000, XP, Server 2003

Encrypted: No

Description: 

To get a one-glance comprehensive view of the behavior of this malware, refer to the Behavior Diagram shown below.

Malware Overview

This Trojan may be downloaded from remote Web sites.

Upon execution, it accesses the Web sites to get the list of files to be downloaded. The said Web sites contain the URLs where possibly malicious files can be downloaded.

The downloaded files are then save in a folder using certain filenames which Trend Micro detects as the following:

• TROJ_DLOAD.PG
• TROJ_DLOAD.PI
• TROJ_DLOAD.PN

These files then attempt to download a fake antivirus application detected by Trend Micro as TROJ_FAKEAV.GDS.

It deletes itself after execution.

For additional information about this threat, see:
Solution
Technical Details

Description created: Jan. 6, 2009 4:27:22 PM GMT -0800

Search a new malware

Tell us how we did. Take our quick survey.