A trojan that contains one or more malicious programs, which it will secretly install and execute.
Once detected, the F-Secure security product will automatically disinfect the suspect file by either deleting it or renaming it.
This Generic Detection identifies malicious files that create a file directory under the temporary folder:
- %temp%\E_4 (or %temp%\E_N4)
The newly created folder is used to store the following files, which may be dropped by various malware:
The dropped files may be loaded in other processes to perform malicious activities.
Some variants may drop an executable files with random name inside a new created folder:
- %windir%\system32\[folder with random names]
Some variants from this family are observed to have downloading capabilities.
About Generic Detections
Unlike signature or single-file detections, a Generic Detection does not identify a unique or individual malicious program. Instead, a Generic Detection looks for broadly applicable code or behavior characteristics that indicate a file as potentially malicious, so that a single Generic Detection can efficiently identify dozens, or even hundreds of malware
For more information about Generic Detections, please see Generic Detection description.