
| Aliases | | | |
|---|---|---|---|
| Typical Symptoms | Creates file | | |
| Discovered | [Korea] 2008-08-08, [Foreign] 0000-00-00 | | |
| Type | I-Worm | ActiveField | Win32 |
| Destroy/Distribution | | | |
| Origin | others | Encryption | NO |
| Location | File | Memory residence | NO |
| Scan engine needed | 2008-08-08 [Able to detect & repair] | | |
A. Route of Infection

Trojan.Win32.Downloader.32768.BW does not spread by itself; it is downloaded from a hacked site or by other malicious code such as spyware, adware, droppers, etc.

B. Symptom of Infection

1) Once it is executed, it manipulates registry policy values to block the use of taskmgr.exe.

[PIC 2] DisableTaskMgr

2) It copies itself into the System32 folder under the name winds32.exe and modifies the registry so that the copy will be executed.

[PIC 2] Copy itself
[PIC 4] Create executable registry

3) It tries to access the Internet to download malicious code, but the target sites are blocked and cannot be reached at present.

[PIC 4] Access try
[PIC 5] Access denied
[How to repair] Reparable by ViRobot engine ver.2011-08-08.01 or above.
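
The following triage check is an added example, not part of the original entry and not ViRobot code: it scans the text of a `reg export` dump for the two registry-visible symptoms described above, a non-zero DisableTaskMgr policy value and any value whose data launches winds32.exe. The policy key path is the standard Windows location for DisableTaskMgr; the Run key and value names in the sample are constructed assumptions, because the entry does not name the key it modifies.

```python
import re

# Indicators named in the entry above.
POLICY_VALUE = "disabletaskmgr"
DROPPED_NAME = "winds32.exe"
# Assumption: standard Windows policy key that holds DisableTaskMgr.
POLICY_KEY_SUFFIX = r"\software\microsoft\windows\currentversion\policies\system"

# Constructed sample in `reg export` text format, not taken from a real host.
# The Run key and value names are assumptions; the entry names no key.
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon"="C:\\Windows\\System32\\ctfmon.exe"
"winds32"="C:\\WINDOWS\\system32\\winds32.exe"
'''

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>(?:[^"\\]|\\.)*)"=(?P<data>.*)$')
# File name must start a path component, so "xwinds32.exe" does not match.
DROP_RE = re.compile(r'(?:^|[\\/"\s])' + re.escape(DROPPED_NAME), re.I)

def parse_reg_export(text):
    """Yield (key, value_name, raw_data) for each named value in the export."""
    key = None
    for line in text.splitlines():
        line = line.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group("key")
            continue
        m = VALUE_RE.match(line)
        if m and key:
            yield key, m.group("name"), m.group("data")

def find_indicators(text):
    """Return (kind, key, value_name) for each symptom found in the export."""
    findings = []
    for key, name, data in parse_reg_export(text):
        if (name.lower() == POLICY_VALUE and key.lower().endswith(POLICY_KEY_SUFFIX)
                and re.fullmatch(r"dword:[0-9a-f]{8}", data, re.I) and int(data[6:], 16)):
            findings.append(("taskmgr_disabled", key, name))
        if DROP_RE.search(data):  # string data only; hex(2) values are not decoded
            findings.append(("winds32_reference", key, name))
    return findings
```

Files written by `reg export` are UTF-16LE, so decode them with that encoding before passing the text to `find_indicators`.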