Internet threat level: 1
Home→Descriptions→Trojan-Downloader.Win32.Small.bpan
Trojan-Downloader.Win32.Small.bpan
| Detected | Mar 07 2011 10:41 GMT |
| Released | Mar 07 2011 16:34 GMT |
| Published | Apr 22 2011 08:56 GMT |
Payload
Removal instructions
Technical Details
This Trojan downloads other malware via the Internet and launches it for execution without the user's knowledge or consent. It is a Windows application (PE EXE file). It is 2560 bytes in size. It is written in C++.
Payload
Once launched, the Trojan establishes a connection with the following IP address:
69.***.192.250
It receives encrypted data. The Trojan then decrypts this data and saves the files in the current user's temporary directory under the names like:
%Temp%\_<rnd>.tmpwhere <rnd> is a random set of numbers and letters of the Latin alphabet.
The Trojan then launches these files for execution and ceases running.
Removal instructions
If your computer does not have antivirus protection and has been infected by this malicious program, follow the instructions below to delete it:
- Delete the original Trojan file (its location will depend on how the program originally penetrated the infected computer).
- Delete the following files:
%Temp%\_<rnd>.tmp
- Perform a full scan of the computer using Kaspersky Anti-Virus with up-to-date antivirus databases (download a trial version).
MD5: A51B21251FBC40F0D678F09C7F1E26C5
SHA1: F685C9C3ECE3E86FAC085ED28DC291E6B15A93E1
Programs classified as Trojan-Downloader download and install new versions of malicious programs, including Trojans and AdWare, on victim computers. Once downloaded from the Internet, the programs are launched or included on a list of programs which will run automatically when the operating system boots up.
Information about the names and locations of the programs which are downloaded are in the Trojan code, or are downloaded by the Trojan from an Internet resource (usually a web page).
This type of malicious program is frequently used in the initial infection of visitors to websites which contain exploits.
© 1997-2012 Kaspersky Lab ZAO. All Rights Reserved.
Industry-leading Antivirus Software.
Registered trademarks and service marks are the property of their respective owners.