|Detected||Feb 03 2010 10:29 GMT|
|Released||Feb 03 2010 21:13 GMT|
|Published||Sep 20 2011 14:21 GMT|
A trojan program that carries out destructive actions on the user's computer. It is a Windows application (PE-EXE file). 8704 bytes. Written in C++.
After launching, the trojan uses the system utility "sc.exe" to carry out the following command sequence:
sc.exe config wuauserv start= auto sc.exe config BITS start= demand sc.exe stop wuauserv sc.exe config BITS start= disabled sc.exe config wuauserv start= disabledThis stops and cancels the automatic launch of the "wuauserv" service (Windows Automatic Update service), and also cancels the automatic launch of the "BITS" service (Background Intelligent Transfer Service). The trojan then opens the following resource in the Internet Explorer browser:
http://windo***pdate.microsoft.comThe trojan then shuts down.
If your computer has not been protected with anti-virus software and has been infected with malware, you will need to take the following actions to delete this:
This type of behaviour covers malicious programs that delete, block, modify, or copy data, disrupt computer or network performance, but which cannot be classified under any of the behaviours identified above.
This classification also covers “multipurpose” Trojan programs, i.e. those that are capable of conducting several actions at once and which demonstrate several Trojan behaviours in a single program. This means they cannot be indisputably classified as having any single behaviour.