Troj/Dloader-FE is a downloading Trojan for the Windows platform.
When executed, Troj/Dloader-FE attempts to download a number of files from predefined remote locations, saving them as systime.exe and dktibs.exe in the Windows system folder and as toolbar.exe in the Windows folder.
Troj/Dloader-FE replaces the existing HOSTS files in the Windows and Drivers\etc folders with one that redirects a list of locations to the local host address 127.0.0.3.
Troj/Dloader-FE attempts to terminate a number of processes related to the following applications:
services.exe
msxmidi.exe
bitmap.tmp
file.exe
exploit.exe
fucker.exe
winmm64.exe
ir.exe
intron.exe
intronet.exe
twink64.exe
usb.exe
teur.exe
host32.exe
sidefind.exe
alchem.exe
powerscan.exe
Installer2.exe
ttgkirnl.exe
bargains.exe
WinClt.exe
Winad.exe
istsvc.exe
actalert.exe
optimize.exe
iinstall.exe
printer.exe
printer32.exe
loadclean.exe
telnet.exe