English
Log in
Search
The Internet threat alert status is currently normal. At present, no major epidemics or other serious incidents have been recorded by Kaspersky Lab’s monitoring service. Internet threat level: 1

HomeDescriptionsTrojan-Dropper.Win32.VB.or

Trojan-Dropper.Win32.VB.or

Detected Jan 17 2007 11:01 GMT
Released Jan 17 2007 11:01 GMT
Published Sep 20 2007 14:30 GMT

Technical Details
Payload
Removal instructions

Technical Details

This Trojan is designed to install other Trojan programs to the victim machine without the knowledge or consent of the user. It is a Windows PE EXE file. It is 863 881 bytes in size. It is written in Visual Basic.


Payload

Once launched, the Trojan extracts a file called "1.tmp" from its body to the current user's Windows temporary directory:

%Temp%\1.tmp. - this file is 32 336 bytes in size.

The Trojan then extracts a file called "2.tmp" to the current user's temporary directory:

%Temp%\2.tmp

This file is 774 171 bytes in size. It will be detected by Kaspersky Anti-Virus as Backdoor.Win32.Hupigon.gs.

Once the files have been successfully extracted they will be launched for execution.


Removal instructions

If your computer does not have an up-to-date antivirus, or does not have an antivirus solution at all, follow the instructions below to delete the malicious program:

  1. Delete the original Trojan file (the location will depend on how the program originally penetrated the victim machine).
  2. Delete all files created by the Trojan:
    %Temp%\1.tmp
    %Temp%\2.tmp
  3. Update your antivirus databases and perform a full scan of the computer (download a trial version of Kaspersky Anti-Virus).


Print
Bookmark and Share
Share
Trojans
Trojan-Dropper

Trojan-Dropper programs are designed to secretly install malicious programs built into their code to victim computers.

This type of malicious program usually save a range of files to the victim’s drive (usually to the Windows directory, the Windows system directory, temporary directory etc.), and launches them without any notification (or with fake notification of an archive error, an outdated operating system version, etc.).

Such programs are used by hackers to:

  • secretly install Trojan programs and/or viruses
  • protect known malicious programs from being detected by antivirus solutions; not all antivirus programs are capable of scanning all the components inside this type of Trojans.

Other versions
Trojan-Dropper.Win32.VB.iv
Trojan-Dropper.Win32.VB.iw
Trojan-Dropper.Win32.VB.oj
Trojan-Dropper.Win32.VB.om
Trojan-Dropper.Win32.VB.ov
Trojan-Dropper.Win32.VB.ox
Trojan-Dropper.Win32.VB.qq
Trojan-Dropper.Win32.VB.sa
Trojan-Dropper.Win32.VB.tj

© 1997-2013 Kaspersky Lab ZAO. All Rights Reserved.
Industry-leading Antivirus Software.
Registered trademarks and service marks are the property of their respective owners.
The authors' opinions do not necessarily reflect the official positions of Kaspersky Lab.

kaspersky.com

Products

eStore

Threats

Downloads

Support

Partners

About Us

Search

securelist.com

Threats

Analysis

Blog

Descriptions

Glossary

RSS feeds

Contacts

Search