Trojan-Downloader:W32/Valenavir.A

Classification

Malware

Trojan-Downloader

W32

Trojan-Downloader:W32/Valenavir.A

Summary

Valenavir.A disguises itself as a Valentine's eCard notification. When you click on the link in the notification email, it will redirect you to a page that attempts to persuade users into installing additional malware.

Removal

Automatic action

Based on the settings of your F-Secure security product, it will either move the file to the quarantine where it cannot spread or cause harm, or remove it.

Find out more

Knowledge Base

Find the latest advice in our Community Knowledge Base.

User Guide

See the user guide for your product on the Help Center.

Contact Support

Chat with or call an expert for help.

Submit a sample

Submit a file or URL for further analysis.

Technical Details

Trojan-Downloader:W32/Valenavir.A disguises itself as a Saint Valentine's Day eCard notification.The eCard notification arrives in spammed email. When you click on the link in the email, it will redirect you to a page that asks you to install a fraudulent Adobe Flash Player. The software is supposedly required in order to view the eCard. This fraudulent application is actually a Trojan-Spy that downloads and installs a Trojan-Spy:W32/BZub variant onto the system.Once installed, Valenavir.A connects to:

  • http://www.nownames.org/new/[blocked].php?l=Un

Which redirects to:

  • http://dedmazay.3322.org/images/[blocked].exe.

The attempted download is detected as Trojan-Spy:W32/Bzub.HZ.

Date Created: -

Date Last Modified: -