TROJ_ZLOB.GAF
Overview

Malware type: Trojan

Aliases: not-virus:Hoax.Win32.Gavec.dc (Kaspersky), Trojan.Zlob (Symantec), Mal/Generic-A (Sophos)

In the wild: Yes

Destructive: No

Language: English

Platform: Windows 98, ME, NT, 2000, XP, Server 2003

Encrypted: No

Overall risk rating:


Reported infections:

Damage potential: Low

Distribution potential: Medium

Description: 

This Trojan can be downloaded from remote sites.

It arrives as a Nullsoft Scriptable Install System (NSIS) compressed file to trick the user into thinking that a legitimate video codec program is being installed. NSIS is an alternative Windows installation system that is used by popular applications such as Winamp.

To complete its attempt to trick the user into thinking that a valid video codec program is being installed, it performs the following routines, which mimic the actions of a normal installation file:

  • Creates a folder in the Program Files folder that contains the file UNINSTALL.EXE
  • Creates a Start Menu item for the supposed codec program being installed
  • Creates appropriate registry entries related to the supposed codec program
  • Displays a series of installation dialogs, including a prompt to accept a License Agreement


Description created: Nov. 1, 2007 4:48:09 AM GMT -0800
