This type of trojan secretly downloads malicious files from a remote server, then installs and executes the files.
Based on the settings of your F-Secure security product, it will either move the file to the quarantine where it cannot spread or cause harm, or remove it.
This trojan may be downloaded from a malicious website. It may also arrive as an email attachment.Known email subjects associated with this malware are:
During installation, the trojan will drop a copy of itself to:
It also sets a launch point with the following registry key:
It will then try to launch svchost.exe, and injects its code by replacing the launched svchost.exe code.
Upon execution, this malware will attempt to connect to the following websites:
It then attempts to download additional files from the following IP addresses:
As of this writing, these IP addresses are down and are not available.
Date Created: -
Date Last Modified: -