Troj/Dloader-NG

Category: Viruses and Spyware
Type: Trojan
Prevalence: No Reports


Troj/Dloader-NG is a Windows downloader Trojan.

When run, the Trojan copies itself to the Windows folder as glv.exe and creates the following registry entry so that it runs at user logon:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
glv
%WINDOWS%\glv.exe

The Trojan also creates the following registry entries:

HKLM\SOFTWARE\Microsoft\VBApp
vbxXX
(sequence of hexadecimal bytes or a DWORD value)

(where XX ranges from 1 to 24)

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion
glv
<DWORD value>

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion
RD
<DWORD value>

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion
Dset
<DWORD value>

Once installed, Troj/Dloader-NG attempts to silently download files from remote websites via HTTP and run them.
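The registry entries listed above can be matched against saved `reg query` output during triage. The following is an added example, not Sophos code: the function names and the sample text are constructed for illustration, and it assumes the four-space column layout that `reg query` prints.

```python
import re

ROOT = r"HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT"
# (key, value-name pattern, accepted types, data pattern) from the entries above.
# Assumption: the vbxXX suffix may or may not be zero-padded; both are accepted.
INDICATORS = [
    (ROOT + r"\WINDOWS\CURRENTVERSION\RUN", r"glv",
     {"REG_SZ", "REG_EXPAND_SZ"}, r'.*\\glv\.exe"?'),
    (ROOT + r"\VBAPP", r"vbx(0?[1-9]|1\d|2[0-4])", {"REG_BINARY", "REG_DWORD"}, r".*"),
    (ROOT + r"\WINDOWS\CURRENTVERSION", r"glv|RD|Dset", {"REG_DWORD"}, r".*"),
]
VALUE_LINE = re.compile(r"^\s{4}(.+?)\s{4}(REG_[A-Z_]+)(?:\s{4}(.*))?$")

# Constructed sample in `reg query` layout; not captured from a real host.
SAMPLE = r"""
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    glv    REG_SZ    C:\WINDOWS\glv.exe
    SecurityHealth    REG_EXPAND_SZ    %windir%\system32\SecurityHealthSystray.exe

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\VBApp
    vbx7    REG_BINARY    0A1B2C
    vbx25    REG_DWORD    0x1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion
    Dset    REG_DWORD    0x1
    RD    REG_SZ    not-a-dword
"""

def normalize_key(key):
    # Key names are case-insensitive, and a 32-bit process on 64-bit Windows is
    # redirected to the WOW6432Node view, so fold that view into the native path.
    return key.strip().upper().replace("\\WOW6432NODE", "")

def find_indicators(reg_query_output):
    """Return (key, name, type, data) for every value that matches an indicator."""
    hits, key = [], None
    for line in reg_query_output.splitlines():
        if line.startswith("HKEY_"):
            key = line.strip()
            continue
        m = VALUE_LINE.match(line)
        if not (key and m):
            continue
        name, rtype, data = m.group(1), m.group(2), (m.group(3) or "").strip()
        for ind_key, name_re, types, data_re in INDICATORS:
            if (normalize_key(key) == ind_key and rtype in types
                    and re.fullmatch(name_re, name, re.I)
                    and re.fullmatch(data_re, data, re.I)):
                hits.append((key, name, rtype, data))
    return hits
```

Matching on value type as well as name keeps an unrelated `RD` or `glv` string value from being reported, and `vbx25` is rejected because it falls outside the documented 1 to 24 range.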
