TrendLabs Malware Blog
Glossary
TrendWatch
TrendLabs Twitter
TROJ_DLOADER.OWO
Overview
Solution

Malware type: Trojan

Aliases: Trojan-Downloader.Win32.Small.exk (Kaspersky), Downloader-ZL (McAfee), Trojan.Gobrena.B (Symantec), TR/Crypt.CFI.Gen (Avira), Mal/Heuri-E (Sophos),

In the wild: Yes

Destructive: No

Language: English

Platform: Windows 98, ME, NT, 2000, XP, Server 2003

Encrypted: No

Overall risk rating:

Reported infections:

Damage potential:

 Medium

Distribution potential:

 Low

Description: 

To get a one-glance comprehensive view of the behavior of this malware, refer to the Behavior Diagram shown below.

TROJ_DLOADER.OWO Behavior Diagram

Malware Overview

This Trojan is downloaded from remote sites by other malware. It can also be downloaded unknowingly by a user when visiting malicious Web sites.

Upon execution, it displays the following message box:

Screenshot-windows-update

The message poses as a reminder to an update for a legitimate application. Clicking the OK button triggers this Trojan's download routine.

It terminates certain processes, if found running in memory.

It displays the icon of files related to certain applications, which further tricks a user into thinking that it is a legitimate file.

It accesses Web sites to download possibly malicious files. As a result, routines of the downloaded files may also be exhibited on the affected system.

For additional information about this threat, see:
Solution
Technical Details

Description created: Jul. 15, 2007 4:30:32 PM GMT -0800

Search a new malware

Tell us how we did. Take our quick survey.