Sophos

Troj/Dropper-AE

Aliases
  • Trojan-Dropper.Win32.Small.ra

Summary

 
Affected operating systems: Windows
Characteristics:
  • Drops more malware
Included in our products from: May 2005 (3.93)
Protection available since: 5 April 2005 09:03:21 (GMT)
Detected by: All Sophos products

More Information

Troj/Dropper-AE is a dropper Trojan for the Windows platform.

When run, the Trojan may display a message box with the following characteristics:

Title: Ne mogu!
Message: <dropped Trojan path>

Troj/Dropper-AE may delete the following registry entries:

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\
SharedTaskScheduler\Advanced Features

HKLM\Software\Microsoft\Windows\CurrentVersion\
ShellServiceObjectDelayLoad\Advanced Features

The Trojan may create the following registry entries:

HKCU\Software\Classes\CLSID\(3F245C2A-1558-3CCA-04A8-7AA23B60E40F)\
InProcServer32\@
%SYSTEM%\task.dll

HKCU\Software\Classes\CLSID\(3F245C2A-1558-3CCA-04A8-7AA23B60E40F)\
InProcServer32\ThreadingModel
Apartment

HKLM\Software\Microsoft\Windows\CurrentVersion\
ShellServiceObjectDelayLoad\(3F245C2A-1558-3CCA-04A8-7AA23B60E40F)
Reload Browse

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\
SharedTaskScheduler\(3F245C2A-1558-3CCA-04A8-7AA23B60E40F)
Reload Browse

The Trojan drops the file as either %SYSTEM%\task.dll or \Microsoft\task.dll beneath the folder given by the following registry entry:

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
AppData

Troj/Dropper-AE then runs the dropped file.

The dropped file is detected by Sophos as Troj/Dloader-KX.
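
The following is an added example, not part of the Sophos description: a Python check that scans the text of a registry export for the entries the Trojan may create, as listed above. The function names and the sample export are constructed for illustration, and only plain string (REG_SZ) values are parsed.

```python
import re

# CLSID from the registry entries listed above. The page prints it in
# parentheses; .reg exports use braces, so both are normalised to "(...)".
G = "(3f245c2a-1558-3cca-04a8-7aa23b60e40f)"
CV = r"\software\microsoft\windows\currentversion"

# (key suffix, value name, data suffix), lower-cased; "@" is the default value.
INDICATORS = [
    (r"\software\classes\clsid\%s\inprocserver32" % G, "@", r"\task.dll"),
    (r"\software\classes\clsid\%s\inprocserver32" % G, "threadingmodel", "apartment"),
    (CV + r"\shellserviceobjectdelayload", G, "reload browse"),
    (CV + r"\explorer\sharedtaskscheduler", G, "reload browse"),
]

VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")="((?:[^"\\]|\\.)*)"$')

def norm(s):
    return s.lower().replace("{", "(").replace("}", ")")

def unescape(s):
    # .reg files escape backslashes and quotes inside string values
    return re.sub(r"\\(.)", r"\1", s)

def parse_reg_export(text):
    """Yield (key, value_name, data) for each REG_SZ value in .reg text."""
    key = None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
        elif key and (m := VALUE_RE.match(line)):
            name = "@" if m.group(1) == "@" else unescape(m.group(1)[1:-1])
            yield key, name, unescape(m.group(2))

def find_matches(text):
    """Return the exported values that match an entry in INDICATORS."""
    return [(k, n, d) for k, n, d in parse_reg_export(text)
            if any(norm(k).endswith(ks) and norm(n) == vn and norm(d).endswith(ds)
                   for ks, vn, ds in INDICATORS)]

# Constructed sample export (not taken from a real host).
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Classes\CLSID\{3F245C2A-1558-3CCA-04A8-7AA23B60E40F}\InProcServer32]
@="C:\\WINDOWS\\system32\\task.dll"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{3F245C2A-1558-3CCA-04A8-7AA23B60E40F}"="Reload Browse"
"{00000000-0000-0000-0000-000000000001}"="Constructed benign entry"
'''
```

Files written by `reg export` are UTF-16 encoded, so decode them before passing the text to `find_matches`.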
