This type of trojan secretly downloads malicious files from a remote server, then installs and executes the files.
Based on the settings of your F-Secure security product, it will either automatically delete, quarantine or rename the detected program or file, or ask you for a desired action.
Find the latest advice in our Community Knowledge Base.
See the manual for your F-Secure product on the Help Center.
Submit a file or URL for further analysis.
Trojan-Downloader:W32/Small.DOG secretly downloads malware from a remote site to install and execute on the infected machine.
Small.DOG may be delivered to the system in an infected file attachment accompanying German-language spam email messages, such as below:
The attachment name used is Document.doc.exe. The attachment uses the Microsoft Word icon to disguise its executable nature and deceive the user into believing the attachment is a word document:
If the user executes the malware by clicking on the attachment, the Trojan creates a new instance of Svchost.exe using itself as the parameter.
It then drops the following file in the Windows System folder:
Small.DOG attempts to connect to one of the following websites to download an encrypted text file:
It then decrypts the downloaded text file to reveal the following download path:
Small.DOG will then download and execute this file. The downloaded file is detected as Trojan-Spy:W32/BZub.BLRegistry
It installs the following registry entries as its autostart technique:
Note: %WinDirSys% is by default C:\Windows\System32 and %FileName% represents the Copied filename plus the Random character.