Eng
  1. Skip to navigation
  2. Skip to content
  3. Skip to sidebar


MultiDropper-LA


Aliases:


MultiDropper-LA
Neblso.A, W32/MultiDropper-LA

Malware

W32

Summary

Files detected as MultiDropper-LA drop already detected worms into the system's temporary files folder and execute them.



Disinfection & Removal

We have received four samples which, upon being executed, will drop two files into the system's temporary files folder. The dropped files are old malware, already detected by F-Secure Anti-Virus.



Technical Details

All the variants we received drop two files. We now provide their filenames and current detection results.

  • %Temp%/document.txt .exe Infected: W32/NetSky.P@mm
  • %Temp%/your_details.exe Infected: I-Worm.Sobig.f
  • %Temp%/document.txt .exe Infected: W32/NetSky.P@mm
  • %Temp%/msblast.exe Infected: Worm.Win32.Lovesan.a
  • %Temp%/document.txt.jpg Infected: W32/NetSky.P@mm
  • %Temp%/msbLAST.EXE-1C3A3376.pf.exe Not an executable
  • %Temp%/your_details.exe Infected: I-Worm.Sobig.f
  • %Temp%/msblast.exe Infected: Worm.Win32.Lovesan.a

Afterwards those files are run, triggering all the known effects produced by those worms.



Detection

F-Secure Anti-Virus detects W32/MultiDropper-LA starting from the following update:

Detection Type: PC
Database: 2004-07-27_05



Description Created: Ero Carrera, July 27th, 2004



Submit a sample




Wondering if a file or URL is malicious? Submit a sample to our Lab for analysis via the Sample Analysis System (SAS)

Give And Get Advice




Give advice. Get advice. Share the knowledge on our free discussion forum.