Trojan-Dropper.Win32.Small.anx

Detected May 11 2006 15:37 GMT
Released Aug 21 2007 11:52 GMT
Published May 11 2006 15:37 GMT

Technical Details

This Trojan program can be used to install other Trojans on the victim machine. The main file is a Windows PE EXE file 9405 bytes in size, packed using FSG. The unpacked file is approximately 45 KB in size.


Payload

Once launched, the Trojan copies itself to the Windows system directory under a random name, with the attributes 'hidden' and 'read only'.

%System%\<random symbols>.exe

When launched, the Trojan also drops a randomly named file to the Windows system directory. This file is 4096 bytes in size, and has the 'hidden', 'archive' and 'read only' attributes.

%System%\<random symbols>.dll

This file will be detected by Kaspersky Anti-Virus as Trojan-Downloader.Win32.Small.crd.

This file will then be launched for execution, and the original file will be deleted.

The Trojan also creates the following record in the system registry:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows]
 "AppInit_DLLs"="%System%\<random symbols>.dll"
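
A read-only check for the persistence indicators above, as an added example that is not part of the original description: it lists every AppInit_DLLs entry and flags any whose target is a hidden, read-only, 4096-byte file in the system directory. Checking the Wow6432Node key and the SysWOW64 directory as well is an assumption for 64-bit Windows, which the page does not cover.

```powershell
# Added example: read-only triage for the indicators described on this page.
# It reports findings and changes nothing on the host.
$keys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows',
    # 32-bit registry view on 64-bit Windows (assumption: not covered by the page)
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows'
)
$sysDirs = @([Environment]::SystemDirectory, (Join-Path $env:windir 'SysWOW64'))

foreach ($key in $keys) {
    $value = (Get-ItemProperty -Path $key -Name AppInit_DLLs -ErrorAction SilentlyContinue).AppInit_DLLs
    # AppInit_DLLs is a space- or comma-delimited list of DLLs.
    foreach ($entry in ("$value" -split '[ ,]+' | Where-Object { $_ })) {
        $path = [Environment]::ExpandEnvironmentVariables($entry)
        if (-not [IO.Path]::IsPathRooted($path)) {
            # Assumption: bare file names are resolved against the system directory.
            $path = Join-Path $sysDirs[0] $path
        }
        # -Force is required, otherwise hidden files are not returned.
        $file  = Get-Item -LiteralPath $path -Force -ErrorAction SilentlyContinue
        $attrs = if ($file) { $file.Attributes } else { [IO.FileAttributes]0 }
        $hidden   = [bool]($attrs -band [IO.FileAttributes]::Hidden)
        $readOnly = [bool]($attrs -band [IO.FileAttributes]::ReadOnly)
        $inSystem = [bool]($file -and ($sysDirs -contains $file.DirectoryName))
        [pscustomobject]@{
            Key         = $key
            Entry       = $entry
            Exists      = [bool]$file
            Size        = if ($file) { $file.Length } else { $null }
            Hidden      = $hidden
            ReadOnly    = $readOnly
            # True only when every trait the page lists for the dropped DLL is present.
            MatchesPage = [bool]($inSystem -and $hidden -and $readOnly -and ($file.Length -eq 4096))
        }
    }
}
```

Any entry the script prints deserves review, since legitimate software can also register DLLs under this value; `MatchesPage` only narrows the list to files with the size and attributes given here.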

Removal instructions

Manual removal

  1. Reboot the computer in Safe Mode (at the start of the boot sequence, press and hold F8, then choose Safe Mode from the Windows boot menu).
  2. Delete the files dropped by the Trojan:
    %System%\<random symbols>.exe
    %System%\<random symbols>.dll
  3. Change the following system registry key:

    from

    [HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows]
     "AppInit_DLLs"="%System%\<random symbols>.dll"

    to the original value

     "AppInit_DLLs"=" "
  4. Update your anti-virus databases and perform a full scan of the computer.

Trojan-Dropper

Trojan-Dropper programs are designed to secretly install malicious programs built into their code to victim computers.

This type of malicious program usually saves a range of files to the victim’s drive (usually to the Windows directory, the Windows system directory, the temporary directory, etc.), and launches them without any notification (or with a fake notification of an archive error, an outdated operating system version, etc.).

Such programs are used by hackers to:

  • secretly install Trojan programs and/or viruses
  • protect known malicious programs from being detected by antivirus solutions; not all antivirus programs are capable of scanning all the components inside this type of Trojan.

Aliases

Trojan-Dropper.Win32.Small.anx (Kaspersky Lab) is also known as:

  • Constructor.Win32.Lasiaf.anx (Kaspersky Lab)
  • Trj/Downloader.ILA (Panda)