high
Summary
Summary
Action- More Information
| Affected operating systems | Windows |
|---|---|
| Included in our products from | January 2008 (4.25) |
| Protection available since | 20 November 2007 02:44:45 (GMT) |
| Detected by | All Sophos products |
Action
- Summary
- Action
- More Information
Please follow the instructions for removing Trojans.
More Information
Troj/Dload-Y is a Trojan for the Windows platform.
Troj/Dload-Y includes functionality to access the internet and communicate with a remote server via HTTP.
When run Troj/Dload-Y attempts to download and execute the following files to <Program Files>:
http://<host>/1.exe
http://<host>/2.exe
http://<host>/3.exe
http://<host>/4.exe
http://<host>/5.exe
http://<host>/6.exe
http://<host>/7.exe
http://<host>/8.exe
http://<host>/9.exe
http://<host>/10.exe
http://<host>/11.exe
http://<host>/12.exe
http://<host>/13.exe
http://<host>/14.exe
http://<host>/15.exe
http://<host>/16.exe
http://<host>/17.exe
http://<host>/18.exe
http://<host>/19.exe
http://<host>/20.exe
http://<host>/21.exe
http://<host>/22.exe
http://<host>/23.exe
http://<host>/24.exe
23.exe is downloaded as explorer.exe
24.exe is downloaded as arpqc.exe
Troj/Dload-Y copies itself to <System>\sysbl.exe
The following registry entry is created:
HKLM\Software\Microsoft\Windows\CurrentVersion\policies\explorer
run
<System>\sysbl.exe
|
