|
|
|  |
|
|
|
|
F-Secure Malware Information Pages: Trojan-Downloader:W32/Agent.BUV

|
|
|
| Radar |
 |
|
|
|
Summary
|
Trojan-Downloader:W32/Agent.BUV downloads malicious files from a remote server.
It then executes and installs the downloaded files. |
|
|
|
Detailed Description
|
Upon execution, this malware creates a copy of itself at the following location: - %windir%\system\internat.exe
It then creates a BAT file that will be used to delete the original file executed by user. It will then create the following processes: - %windir%\system\internat.exe
- %programfiles%\Internet Explorer\IEXPLORE.EXE
The file called internat.exe is the malware's own process.
It attempts to download additional files from the following URLs: - http://www.smsunionmm.com/107/tj.htm
- http://www.smsunionmm.com/107/tj10.htm
Note: The URLs were offline during our period of investigation. |
|
|
|
F-Secure Corporation |
|
|
|
|
|
Last Modified: April 29, 2008
|
|
|
|
|