
Trojan-Downloader.Win32.Genome.rw

Detected Sep 12 2009 15:28 GMT
Released Sep 12 2009 20:22 GMT
Published Apr 26 2011 14:07 GMT


Technical Details

This Trojan downloads files from the Internet and launches them without the user's knowledge. It is a Windows Dynamic Link Library (PE DLL file). It is 3875 bytes in size. It is packed using UPack. The unpacked file is approximately 61 KB in size. It is written in C++.


Payload

When the Trojan library's executable code is loaded into the address space of any process and its "DllEntryPoint" function is called, a file is downloaded from the Internet via the following link:

http://demo.8***261.cn/down/shell/up.js

The downloaded file is saved in the current user's temporary folder under a random name:

%Temp%\<rnd>.uxl
where <rnd> is a random three-digit decimal number.

Once downloaded, the file will be launched for execution. At the time of writing, the link was not active.


Removal instructions

If your computer does not have antivirus protection and has been infected by this malicious program, follow the instructions below to delete it:

  1. Delete the original Trojan file (its location will depend on how the program originally penetrated the infected computer).
  2. Delete the following file: %Temp%\<rnd>.uxl
  3. Empty the Temporary Internet Files folder, which may contain infected files (How to delete infected files from Temporary Internet Files folder?).
  4. Perform a full scan of the computer using Kaspersky Anti-Virus with up-to-date antivirus databases (download a trial version).

MD5: 03DEA323618C2B67F740671AFE163A30

SHA1: A4903FD6F243A5C7B362C8BED07D3AF09BA20306
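
The indicators given above (the `<rnd>.uxl` name of the dropped file and the MD5/SHA1 of the Trojan DLL) can be checked for with a short triage script. This is an added example, not part of the original description or a Kaspersky tool; the function names `sweep` and `file_digests` are hypothetical, and it assumes `<rnd>` may have leading zeros (000-999).

```python
import hashlib
import os
import re
import tempfile

# Indicators taken from this description (hashes are of the Trojan DLL itself).
TROJAN_MD5 = "03dea323618c2b67f740671afe163a30"
TROJAN_SHA1 = "a4903fd6f243a5c7b362c8bed07d3af09ba20306"
# Dropped payload name: <rnd>.uxl, where <rnd> is three decimal digits.
# Assumption: leading zeros are possible, so 000-999 all match.
DROPPED_NAME = re.compile(r"^[0-9]{3}\.uxl$", re.IGNORECASE)


def file_digests(path, chunk=65536):
    """Return (md5, sha1) hex digests of a file, read in chunks."""
    md5, sha1 = hashlib.md5(), hashlib.sha1()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            md5.update(block)
            sha1.update(block)
    return md5.hexdigest(), sha1.hexdigest()


def sweep(root, known_md5=TROJAN_MD5, known_sha1=TROJAN_SHA1):
    """Walk root and return a sorted list of (path, reason) findings."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if DROPPED_NAME.match(name):
                findings.append((path, "dropped-file name pattern"))
            try:
                md5, sha1 = file_digests(path)
            except OSError:
                continue  # locked or unreadable file: skip, do not abort
            if md5 == known_md5 or sha1 == known_sha1:
                findings.append((path, "hash of original Trojan DLL"))
    return sorted(findings)


if __name__ == "__main__":
    # Default to the current user's temporary folder (%Temp% on Windows).
    for path, reason in sweep(tempfile.gettempdir()):
        print(f"{reason}: {path}")
```

A name-pattern hit only marks a file for review, since the downloaded content is not described here and no hash for it is published; a hash hit identifies the Trojan DLL itself.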


Trojan-Downloader

Programs classified as Trojan-Downloader download and install new versions of malicious programs, including Trojans and AdWare, on victim computers. Once downloaded from the Internet, the programs are launched or included on a list of programs which will run automatically when the operating system boots up.

Information about the names and locations of the programs to be downloaded is either stored in the Trojan code or downloaded by the Trojan from an Internet resource (usually a web page).

This type of malicious program is frequently used in the initial infection of visitors to websites which contain exploits.

