F-Secure
Tools
Trojan-Downloader:W32/Trojan-Downloader
| Name : | Trojan-Downloader:W32/Trojan-Downloader |
| Category: | Malware |
| Type: | Trojan-Downloader |
| Platform: | W32 |
Summary
This type of trojan secretly downloads malicious files from a remote server, then installs and executes the files.
Disinfection
Automatic Disinfection
Starting from F-Secure Anti-Virus (FSAV) version 5.40, standalone malware (backdoors, worms, trojans, etc.) is automatically removed. FSAV automatically renames malware files to prevent them from being executed.
In rare cases, automatic disinfection is not possible and the user must instruct FSAV to perform disinfection (renaming and/or deleting the infected file).
In special cases, the user is recommended to perform disinfection using specific tools provided by F-Secure. The tools can be downloaded from:
- ftp://ftp.f-secure.com/anti-virus/tools/
- http://www.f-secure.com/download-purchase/tools.shtml
In some cases F-Secure Anti-Virus may not automatically disinfect a system. If so, please visit our Support pages at:
- http://support.f-secure.com/enu/home/virusproblem/howtoclean/
Windows System Restore Issues
If the computer is running on the Windows ME or XP operating systems, disabling the System Restore feature before disinfection is recommended. This is to avoid possible re-infection by a threat that has just been disinfected, as the System Restore feature may have unknowingly saved a copy of the infected file during its normal procedures. If the System Restore feature is active, it may then copy the infected file back to the hard drive after the user or an antivirus program has renamed or deleted it.
Instructions on how to disable the System Restore feature are here:
- Windows ME: http://www.f-secure.com/v-descs/sfc_dis.shtml
- Windows XP: http://www.f-secure.com/v-descs/sfc_dis1.shtml
Once disinfection is complete, re-enabling the System Restore feature is recommended. This will allow the user to restore the system to a stable configuration in the event that a crash or incompatibility issue occurs in the future.
F-Secure Anti-Virus
F-Secure Anti-Virus can be purchased from our online web store or from authorized distributors. A 30-day limited trial verson of F-Secure Anti-Virus may be downloaded from our website:
- http://www.f-secure.com/download-purchase/
All the latest versions of FSAV can automatically download the latest signature database updates. These updates can also be manually downloaded and installed from our web or ftp sites:
- http://www.f-secure.com/download-purchase/updates.shtml
Contacting F-Secure for help
If you have problems with disinfection, please consult a computer technician or send a message (and a sample) to our Response Lab. We have guidelines for sending virus samples, hoaxes and virus-related questions to F-Secure Response Lab published here:
- http://support.f-secure.com/enu/home/virusproblem/sample/
Starting from F-Secure Anti-Virus (FSAV) version 5.40, standalone malware (backdoors, worms, trojans, etc.) is automatically removed. FSAV automatically renames malware files to prevent them from being executed.
In rare cases, automatic disinfection is not possible and the user must instruct FSAV to perform disinfection (renaming and/or deleting the infected file).
In special cases, the user is recommended to perform disinfection using specific tools provided by F-Secure. The tools can be downloaded from:
- ftp://ftp.f-secure.com/anti-virus/tools/
- http://www.f-secure.com/download-purchase/tools.shtml
In some cases F-Secure Anti-Virus may not automatically disinfect a system. If so, please visit our Support pages at:
- http://support.f-secure.com/enu/home/virusproblem/howtoclean/
Windows System Restore Issues
If the computer is running on the Windows ME or XP operating systems, disabling the System Restore feature before disinfection is recommended. This is to avoid possible re-infection by a threat that has just been disinfected, as the System Restore feature may have unknowingly saved a copy of the infected file during its normal procedures. If the System Restore feature is active, it may then copy the infected file back to the hard drive after the user or an antivirus program has renamed or deleted it.
Instructions on how to disable the System Restore feature are here:
- Windows ME: http://www.f-secure.com/v-descs/sfc_dis.shtml
- Windows XP: http://www.f-secure.com/v-descs/sfc_dis1.shtml
Once disinfection is complete, re-enabling the System Restore feature is recommended. This will allow the user to restore the system to a stable configuration in the event that a crash or incompatibility issue occurs in the future.
F-Secure Anti-Virus
F-Secure Anti-Virus can be purchased from our online web store or from authorized distributors. A 30-day limited trial verson of F-Secure Anti-Virus may be downloaded from our website:
- http://www.f-secure.com/download-purchase/
All the latest versions of FSAV can automatically download the latest signature database updates. These updates can also be manually downloaded and installed from our web or ftp sites:
- http://www.f-secure.com/download-purchase/updates.shtml
Contacting F-Secure for help
If you have problems with disinfection, please consult a computer technician or send a message (and a sample) to our Response Lab. We have guidelines for sending virus samples, hoaxes and virus-related questions to F-Secure Response Lab published here:
- http://support.f-secure.com/enu/home/virusproblem/sample/
Additional Details
This is the Trojan-Downloader General Information page.
A Trojan-Downloader, when run, usually installs itself to the system and waits until an Internet connection becomes available. Once its primary download/execution routine is completed, it may also proceed to a secondary payload routine.
A Trojan-Downloader, when run, usually installs itself to the system and waits until an Internet connection becomes available. Once its primary download/execution routine is completed, it may also proceed to a secondary payload routine.