Internet threat level: 1
Home→Descriptions→Trojan-Dropper.Win32.Small.enw
Trojan-Dropper.Win32.Small.enw
| Detected | Mar 08 2010 04:54 GMT |
| Released | Mar 08 2010 11:22 GMT |
| Published | Apr 21 2011 13:58 GMT |
Payload
Removal instructions
Technical Details
This Trojan is designed to install and launch other programs on the victim machine without the knowledge or consent of the user. It is a Windows application (PE EXE file). It is 29 184 bytes in size. It is written in C++.
MD5: 413b4eb7b90403eb0aabe8b0854c36bd
SHA1: 8913fcdbdedd4bbe8cce1d5a30fae2f36abc74b3
Payload
When launching, the Trojan extracts two files from its body and saves them in the current user's temporary directory under the following names:
%Temp%\ope<rnd>.exe %Temp%\ope<rnd>.exewhere <rnd> is a random digit or letter of the Latin alphabet.
One of the created files is 23 845 bytes in size. It is detected by Kaspersky Anti-Virus as Trojan.Win32.Small.chz. The second file is 4625 bytes in size. It is detected by Kaspersky Anti-Virus as Trojan-Downloader.Win32.Agent.dhfe.
The Trojan then launches the files for execution and ceases running.
Removal instructions
If your computer does not have antivirus protection and has been infected by this malicious program, follow the instructions below to delete it:
- Delete the following files:
%Temp%\ope<rnd>.exe %Temp%\ope<rnd>.exe
- Delete the original Trojan file (its location will depend on how the program originally penetrated the infected computer).
- Perform a full scan of the computer using Kaspersky Anti-Virus with up-to-date antivirus databases (download a trial version).
Trojan-Dropper programs are designed to secretly install malicious programs built into their code to victim computers.
This type of malicious program usually save a range of files to the victim’s drive (usually to the Windows directory, the Windows system directory, temporary directory etc.), and launches them without any notification (or with fake notification of an archive error, an outdated operating system version, etc.).
Such programs are used by hackers to:
- secretly install Trojan programs and/or viruses
- protect known malicious programs from being detected by antivirus solutions; not all antivirus programs are capable of scanning all the components inside this type of Trojans.
Trojan-Dropper.
- Trojan:
Generic Dropper. qs (McAfee) - Mal/Generic-E (Sophos)
- W32/Troj_Obfusc.
M. gen!Eldorado (FPROT) - TrojanDownloader:
Win32/Dogrobot. D (MS(OneCare)) - BackDoor.
Beizhu. 2048 (DrWeb) - Win32/TrojanDropper.
Agent. NYS trojan (Nod32) - Trojan.
Generic. 4965452 (BitDef7) - Trojan.
DR. Small!+Vk6CIt7ZK4 (VirusBuster) - Win32:
Agent-AKDU [Drp] (AVAST) - Trojan-Dropper.
Win32. Small (Ikarus) - BackDoor.
Generic12. BSEL. dropper (AVG) - Trojan.
Gen (NAV) - NseCheckFile2() returned 0x00010018 (Norman)
- Trojan.
Win32. Generic. 52093ACD (Rising) - TROJ_SMALLDR.
SMJ (TrendMicro) - Trojan.
Win32. Generic!BT (Sunbelt) - Trojan.
DR. Small!+Vk6CIt7ZK4 (VirusBusterBeta)
© 1997-2012 Kaspersky Lab ZAO. All Rights Reserved.
Industry-leading Antivirus Software.
Registered trademarks and service marks are the property of their respective owners.