This type of trojan secretly downloads malicious files from a remote server, then installs and executes the files.
Depending on the settings of your F-Secure security product, it will either automatically delete, quarantine or rename the suspect file, or ask you for a desired action.
More information on the scanning and removal options available in your F-Secure product can be found in the Help Center.
You may also refer to the Knowledge Base on the F-Secure Community site for more information.
Trojan-Downloader:W32/Small.DOG secretly downloads malware from a remote site to install and execute on the infected machine.
Small.DOG may be delivered to the system in an infected file attachment accompanying German-language spam e-mail messages, such as below:
The attachment name used is Document.doc.exe. The attachment uses the Microsoft Word icon to disguise its executable nature and deceive the user into believing the attachment is a word document:
If the user executes the malware by clicking on the attachment, the Trojan creates a new instance of Svchost.exe using itself as the parameter.
It then drops the following file in the Windows System folder:
Small.DOG attempts to connect to one of the following websites to download an encrypted text file:
It then decrypts the downloaded text file to reveal the following download path:
Small.DOG will then download and execute this file. The downloaded file is detected as Trojan-Spy:W32/BZub.BLRegistry
It installs the following registry entries as its autostart technique:
Note: %WinDirSys% is by default C:\Windows\System32 and %FileName% represents the Copied filename plus the Random character.
F-Secure Anti-Virus detects this malware with the following updates:
Detection Type: PC