Internet threat level: 1
Home→Descriptions→Trojan-Dropper.Win32.Small.rd
Trojan-Dropper.Win32.Small.rd
| Detected | May 26 2005 18:03 GMT |
| Released | May 26 2005 18:03 GMT |
| Published | Apr 13 2006 13:35 GMT |
Payload
Removal instructions
Technical Details
This Trojan is designed to install other Trojan programs to the victim machine without the knowledge or consent of the user. The Trojan itself is a Windows PE EXE file 27,648 bytes in size.
Payload
Once launched, the Trojan copies itself to the Windows system directory under its original file name:
It then registers itself in the system registry:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Service" = "%System%\<original Trojan file name>"
This ensures that the Trojan will be launched each time Windows is booted on the victim machine.
Once launched, the Trojan copies itself to the Windows system directory as "dload.exe":
Kaspersky Anti-Virus will detect this file as Trojan-Downloader.Win32.Delf.dg
This file will then be launched for execution.
Removal instructions
- Delete the original Trojan file (the location will depend on how the program originally penetrated the victim machine).
- Delete the following files:
%System%\<original Trojan file name>
%System%\dload.exe - Delete the following entries from the system registry:
[HKLM\Software\Microsoft\Windows\CurrentVersion\Run]
[HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Service" = "%System%\<original Trojan file name>" - Update your antivirus databases and perform a full scan of the computer (download a trial version of Kaspersky Anti-Virus)
Trojan-Dropper programs are designed to secretly install malicious programs built into their code to victim computers.
This type of malicious program usually save a range of files to the victim’s drive (usually to the Windows directory, the Windows system directory, temporary directory etc.), and launches them without any notification (or with fake notification of an archive error, an outdated operating system version, etc.).
Such programs are used by hackers to:
- secretly install Trojan programs and/or viruses
- protect known malicious programs from being detected by antivirus solutions; not all antivirus programs are capable of scanning all the components inside this type of Trojans.
Trojan-Dropper.
- Trojan:
Downloader-ME. dr (McAfee) - Troj/Dloader-CX (Sophos)
- Trojan.
Downloader. Tibser-2 (ClamAV) - Heuristic.
WinPE-Statistical (Panda) - W32/Heuristic-217!Eldorado (FPROT)
- Dialer:
Win32/TIBS (MS(OneCare)) - Trojan.
MulDrop. 1504 (DrWeb) - Win32/TrojanDropper.
Small. RD trojan (Nod32) - Dropped:
Trojan. Downloader. Delf. DG (BitDef7) - Trojan.
DR. Small!9bDxz2ZczgI (VirusBuster) - Win32:
Small-CVZ [Trj] (AVAST) - Trojan-Dropper.
Win32. Small. rd (Ikarus) - Dropper.
Small. 13. BI (AVG) - Dialer.
WSV (NAV) - NseCheckFile2() returned 0x00010018 (Norman)
- Trojan.
DR. Small!9bDxz2ZczgI (VirusBusterBeta)
© 1997-2012 Kaspersky Lab ZAO. All Rights Reserved.
Industry-leading Antivirus Software.
Registered trademarks and service marks are the property of their respective owners.