Troj/Dloadr-DBV

Category: Viruses and Spyware
Protection available since: 09 Aug 2010 13:38:14 (GMT)
Type: Trojan
Last Updated: 10 Aug 2010 09:38:05 (GMT)
Prevalence: Small Number of Reports


Troj/Dloadr-DBV is a Trojan for the Windows platform.

Troj/Dloadr-DBV includes functionality to access the internet and communicate with a remote server via HTTP.

Troj/Dloadr-DBV communicates via HTTP with the following locations:

   61rr . com

When first run, Troj/Dloadr-DBV copies itself to <Program Files>\Thunder\ComDlls\1143\bubhlq.exe and creates the following files:

<Program Files>\Internet Explorer\MUI\iexplore.exe
<Downloaded Program Files>\xunlei.exe
<Windows>\Offline Web Pages\369\369safe.exe

Troj/Dloadr-DBV changes settings for Microsoft Internet Explorer by modifying values under:

HKCU\Software\Microsoft\Internet Explorer\Main\Frist\

Registry entries are set as follows:

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
ITBar7Layout
<BINARY>

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.du\OpenWithList
a
369safe.exe

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.du1\OpenWithList
a
369safe.exe

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.du2\OpenWithList
a
369safe.exe

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.du4\OpenWithList
a
369safe.exe

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
ITBarLayout
<BINARY>

Registry entries are created under:

HKCR\.du
HKCR\.du1
HKCR\.du2
HKCR\.du4
HKCR\.msm4
HKCR\dufile
HKCR\dufile1
HKCR\dufile2
HKCR\dufile4
HKCR\msm4file
