This type of trojan secretly downloads malicious files from a remote server, then installs and executes the files.
Once detected, the F-Secure security product will automatically disinfect the suspect file by either deleting it or renaming it.
Trojan-Downloader:W32/Small.EKV attempts to download and install other malware to the system. Small.EKV arrives on the system as a downloaded file of Exploit:W32/Ani.C.
Upon execution, it launches Internet Explorer by using the following hard-coded path:
- C:\program files\Internet Explorer\Iexplore.exe
It then injects the code to Internet Explorer and proceeds to download and execute another file from the following site:
The site listed above is currently inaccessible as of the time of this writing.
F-Secure Anti-Virus detects this malware with the following updates:
Detection Type: PC