Troj/DwnLdr-IWI

Category: Viruses and Spyware
Protection available since: 14 Mar 2011 08:48:44 (GMT)
Type: Trojan
Last Updated: 14 Mar 2011 08:48:44 (GMT)
Prevalence: Small Number of Reports


Troj/DwnLdr-IWI exhibits the following characteristics:

File Information

Size: 702K
SHA-1: 5abed732a399939a0bcb65b9b9dc75e01fa460ad
MD5: 857d87116f3749b017fa02e7eed010e3
CRC-32: 70fdf36c
File type: application/x-ms-dos-executable
First seen: 2011-03-14

Runtime Analysis

Dropped Files
  • c:\Documents and Settings\test user\Local Settings\Temp\msng.exe
    Size: 818K
    SHA-1: 11c120ee378ba5b914e60094b39694847d23905b
    MD5: c161c03cf018a6db4a710f866f99e3fb
    CRC-32: 26411e82
    File type: application/x-ms-dos-executable
    First seen: 2011-03-14
  • C:\Program Files\Msn Messanger\msgr.exe
    Size: 818K
    SHA-1: 11c120ee378ba5b914e60094b39694847d23905b
    MD5: c161c03cf018a6db4a710f866f99e3fb
    CRC-32: 26411e82
    File type: application/x-ms-dos-executable
    First seen: 2011-03-14
Registry Keys Created
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    MSN Messanger
    C:\Program Files\Msn Messanger\msgr.exe
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    MSN Messanger
    C:\Program Files\Msn Messanger\msgr.exe
Processes Created
  • c:\docume~1\support\locals~1\temp\msng.exe
  • c:\windows\system32\svchost.exe
HTTP Requests
  • http://plentyafricans.com/_server/editor/images/msng.exe
DNS Requests
  • plentyafricans.com
  • systema901.no-ip.biz