Mal/Dloadr-Y

Category: Viruses and Spyware
Protection available since: 02 Apr 2010 00:19:30 (GMT)
Type: Malicious behavior
Last Updated: 02 Apr 2010 00:19:30 (GMT)
Prevalence: Small Number of Reports

Mal/Dloadr-Y is a malicious downloader for the Windows platform.

Mal/Dloadr-Y typically includes functionality to:

- run automatically
- modify personal firewall settings
- access the internet and communicate with a remote server via HTTP

Mal/Dloadr-Y attempts to download a config file from a remote website, and then to download and execute a number of executable files according to the contents of the config file.

Mal/Dloadr-Y usually sets registry entries such as the following to run itself automatically on startup:

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\start 1
<path to file>

Mal/Dloadr-Y typically sets the following registry entry to allow itself to bypass the Windows firewall:

HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List
<path to malware>:*:Enabled:ldrsoft

Registry entries are usually created under:

HKCU\Software\Microsoft\idl
<random digits and letters>
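
The registry indicators above can be checked together. The following is an added example, not Sophos code: it parses saved `reg query` output for the three keys, flags firewall exceptions named `ldrsoft`, and then looks for autorun values that launch the same binary. The function names, the sample data, and the paths and value names in it are constructed for illustration.

```python
import re
# Keys and exception name from the description above, as `reg query` prints them.
FW_KEY = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List".lower()
RUN_KEY = r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run".lower()
IDL_KEY = r"HKEY_CURRENT_USER\Software\Microsoft\idl".lower()
FW_NAME = "ldrsoft"
VALUE_RE = re.compile(r"^\s{4}(.+?)\s{4}(REG_\w+)\s{4}(.*)$")

def parse_reg_query(text):
    """Yield (key, value_name, data); value_name is None for the key line itself."""
    key = None
    for line in text.splitlines():
        if line.startswith("HKEY_"):
            key = line.strip().lower()
            yield key, None, None
        elif key and (m := VALUE_RE.match(line)):
            yield key, m.group(1), m.group(3)

def parse_fw_entry(data):
    """Split '<path>:<scope>:<status>:<name>' from the right: the path holds a ':' too."""
    parts = data.rsplit(":", 3)
    return parts if len(parts) == 4 else None

def find_indicators(text):
    rows = list(parse_reg_query(text))
    hits, flagged = [], set()
    for key, name, data in rows:
        if name is None and (key + "\\").startswith(IDL_KEY + "\\"):
            hits.append(("idl_key", key))
        elif name is not None and key == FW_KEY:
            entry = parse_fw_entry(data)
            if entry and entry[3].lower() == FW_NAME:
                flagged.add(entry[0].lower())
                hits.append(("firewall", entry[0]))
    # Autorun values launching a flagged binary (only quotes stripped, not arguments).
    for key, name, data in rows:
        if name is not None and key == RUN_KEY and data.strip('"').lower() in flagged:
            hits.append(("autorun", name))
    return hits

# Constructed sample of `reg query` output (not from a real host).
SAMPLE = r"""
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List
    C:\Program Files\Messenger\msmsgs.exe    REG_SZ    C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger
    C:\Temp\example.exe    REG_SZ    C:\Temp\example.exe:*:Enabled:ldrsoft
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    example_entry    REG_SZ    C:\Temp\example.exe
HKEY_CURRENT_USER\Software\Microsoft\idl
"""
```

Calling `find_indicators(SAMPLE)` returns one hit per indicator; correlating the autorun value with the firewall exception by path avoids depending on the autorun value's name.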
