English
Log in
Search
The Internet threat alert status is currently normal. At present, no major epidemics or other serious incidents have been recorded by Kaspersky Lab’s monitoring service. Internet threat level: 1

HomeDescriptionsTrojan-Downloader.Win32.Small.cfn

Trojan-Downloader.Win32.Small.cfn

Detected Jan 13 2006 18:26 GMT
Released Jan 13 2006 18:26 GMT
Published Apr 21 2006 13:34 GMT

Technical Details
Payload
Removal instructions

Technical Details

This Trojan is a Windows PE EXE file, written in Assembler. The infected file is 3584 bytes in size.


Payload

When launched, the program gets a list of processes launched on the system, and attempts to terminate processes with the names listed below:

APVDWIN.exe
Avp32.exe
avpcc.exe
NOD32KUI.exe
outpost.exe

Every second, it attempts to connect to core.***che-evolution.com. If a connection is established, the Trojan will send the following request to the server:

GET /load.cgi HTTP/1.1'

In response, the server will send an encrypted list of links to files on the Internet. The Trojan downloads these files, saves them to %WinDir% and then launches them for execution.


Removal instructions

  1. Use Task Manager to terminate the Trojan process.
  2. Delete the original Trojan file (the location will depend on how it penetrated the victim machine).
  3. Update your antivirus databases and perform a full scan of the computer (download a trial version of Kaspersky Anti-Virus).


Print
Bookmark and Share
Share
Trojans
Trojan-Downloader

Programs classified as Trojan-Downloader download and install new versions of malicious programs, including Trojans and AdWare, on victim computers. Once downloaded from the Internet, the programs are launched or included on a list of programs which will run automatically when the operating system boots up.

Information about the names and locations of the programs which are downloaded are in the Trojan code, or are downloaded by the Trojan from an Internet resource (usually a web page).

This type of malicious program is frequently used in the initial infection of visitors to websites which contain exploits.


Other versions
Trojan-Downloader.Win32.Small.abn
Trojan-Downloader.Win32.Small.aex
Trojan-Downloader.Win32.Small.anh
Trojan-Downloader.Win32.Small.aoa
Trojan-Downloader.Win32.Small.apc
Trojan-Downloader.Win32.Small.arf
Trojan-Downloader.Win32.Small.asa
Trojan-Downloader.Win32.Small.axk
Trojan-Downloader.Win32.Small.axp
Trojan-Downloader.Win32.Small.bab
Trojan-Downloader.Win32.Small.bah
Trojan-Downloader.Win32.Small.bai
Trojan-Downloader.Win32.Small.bal
Trojan-Downloader.Win32.Small.ban
Trojan-Downloader.Win32.Small.bar
Trojan-Downloader.Win32.Small.bdc
Trojan-Downloader.Win32.Small.bpan
Trojan-Downloader.Win32.Small.bven
Trojan-Downloader.Win32.Small.bxc
Trojan-Downloader.Win32.Small.bxp
Trojan-Downloader.Win32.Small.cck
Trojan-Downloader.Win32.Small.ccm
Trojan-Downloader.Win32.Small.cdk
Trojan-Downloader.Win32.Small.cg
Trojan-Downloader.Win32.Small.chq
Trojan-Downloader.Win32.Small.cjs
Trojan-Downloader.Win32.Small.ckn
Trojan-Downloader.Win32.Small.cnz
Trojan-Downloader.Win32.Small.cop
Trojan-Downloader.Win32.Small.crb
Trojan-Downloader.Win32.Small.crd
Trojan-Downloader.Win32.Small.cxz
Trojan-Downloader.Win32.Small.cyn
Trojan-Downloader.Win32.Small.cz
Trojan-Downloader.Win32.Small.dam
Trojan-Downloader.Win32.Small.dcj
Trojan-Downloader.Win32.Small.ddp
Trojan-Downloader.Win32.Small.dge
Trojan-Downloader.Win32.Small.dnk
Trojan-Downloader.Win32.Small.dsr
Trojan-Downloader.Win32.Small.eff
Trojan-Downloader.Win32.Small.ehu
Trojan-Downloader.Win32.Small.eir
Trojan-Downloader.Win32.Small.emx
Trojan-Downloader.Win32.Small.epy
Trojan-Downloader.Win32.Small.eqn
Trojan-Downloader.Win32.Small.fas
Trojan-Downloader.Win32.Small.fxl
Trojan-Downloader.Win32.Small.fyn
Trojan-Downloader.Win32.Small.fzu
Trojan-Downloader.Win32.Small.hg
Trojan-Downloader.Win32.Small.jk
Trojan-Downloader.Win32.Small.jm
Trojan-Downloader.Win32.Small.kph
Trojan-Downloader.Win32.Small.ksm
Trojan-Downloader.Win32.Small.laa
Trojan-Downloader.Win32.Small.s
Trojan-Downloader.Win32.Small.tnd
Trojan-Downloader.Win32.Small.tne
Trojan-Downloader.Win32.Small.tor
Trojan-Downloader.Win32.Small.tos
Trojan-Downloader.Win32.Small.ydh
Trojan-Downloader.Win32.Small.yk
Trojan-Downloader.Win32.Small.yt
Trojan-Downloader.Win32.Small.yx

© 1997-2013 Kaspersky Lab ZAO. All Rights Reserved.
Industry-leading Antivirus Software.
Registered trademarks and service marks are the property of their respective owners.
The authors' opinions do not necessarily reflect the official positions of Kaspersky Lab.

kaspersky.com

Products

eStore

Threats

Downloads

Support

Partners

About Us

Search

securelist.com

Threats

Analysis

Blog

Descriptions

Glossary

RSS feeds

Contacts

Search