TROJ_DROPAD.AD
Overview

Malware type: Trojan

Aliases: PAK:UPX, Trojan-Dropper.Win32.Kido.c, Trojan-Dropper.Win32.Kido.b (Kaspersky), W32.Downadup.C (Symantec), TR/Crypt.XPACK.Gen (Avira)

In the wild: Yes

Destructive: No

Language: English

Platform: Windows 98, ME, NT, 2000, XP, Server 2003

Encrypted: No

Overall risk rating:


Reported infections:

Damage potential:

Medium

Distribution potential:

Low

Description: 

To get a one-glance comprehensive view of the behavior of this malware, refer to the Behavior Diagram shown below.

TROJ_DROPAD.AD Behavior Diagram

Malware Overview

This Trojan may be downloaded from remote site(s) by other malware. It may be dropped by other malware. It may be downloaded unknowingly by a user when visiting malicious Web site(s).

It drops a copy of itself. It checks the date and the operating system version of the affected system. If the year on the affected system is 2009 or earlier and the operating system is Windows 2003 or earlier (this includes Windows 98, ME, NT, 2000, XP, Server 2003), it drops a file detected by Trend Micro as WORM_DOWNAD.AD in the %Temp% folder.

As a result, the malicious routines of the dropped file are also exhibited on the affected system.

It then deletes itself after execution.


Description created: Mar. 17, 2009 10:51:30 PM GMT -0800
