|Detected||Aug 17 2010 00:37 GMT|
|Released||Aug 17 2010 10:58 GMT|
|Published||Mar 22 2011 13:22 GMT|
This Trojan installs other programs on the computer without the user's knowledge. It is a Windows application (PE EXE file). It is 40 960 bytes in size. It is packed using ASPack. The unpacked file is approximately 242 KB in size. It is written in C++.
Once launched, the Trojan carries out the following actions:
%USERPROFILE%\Microsoft\smx4pnp.dll(4608 bytes; detected by Kaspersky Anti-Virus as "Trojan-Downloader.Win32.Small.kph")
[HKCU\Software\Microsoft\Windows\CurrentVersion\Run] "smx4pnp" = "rundll32.exe "%USERPROFILE%\Microsoft\smx4pnp.dll", Launch"Thereby, each time the system is rebooted, the "Launch" function will be called from the previously extracted library.
mo***lo.ina file named "s.txt" is requested; this file contains links for downloading files. Then, in a cycle, files are downloaded from the links obtained and launched for execution. The downloaded files are saved in the directory
%Temporary Internet Files%At the time of writing, these files could not be downloaded.
If your computer does not have an antivirus, and is infected by this malicious program, follow the instructions below to delete it:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Run] "smx4pnp" = "rundll32.exe "%USERPROFILE%\Microsoft\ smx4pnp.dll", Launch"
Trojan-Dropper programs are designed to secretly install malicious programs built into their code to victim computers.
This type of malicious program usually save a range of files to the victim’s drive (usually to the Windows directory, the Windows system directory, temporary directory etc.), and launches them without any notification (or with fake notification of an archive error, an outdated operating system version, etc.).
Such programs are used by hackers to: