BitDefender Antivirus

Trojan.Downloader.JJRB

Spread: medium
Damage: medium
Size: approx. 32400 bytes
Discovered: 2008 Mar 13

SYMPTOMS:

Presence of the file winsock.exe in C:\windows\system32\

TECHNICAL DESCRIPTION:

When executed, the virus creates a thread that lets it bypass Zone Alarm. When Zone Alarm alerts the user that a program wants to access the internet, the virus finds that alert window and searches the text within it to see whether it relates to the virus name, then attaches to the thread that created the window so that it can send input to it. The virus moves through the window controls (by simulating the Tab key), checks the “Remember this setting” option, and then clicks the Allow button.

After the firewall rule has been added, the virus tries to download and execute a file from:

http://www.freescan[hidden]/programs/winsock.exe

The downloaded file is currently detected as Generic.Malware.SIFYd.7e8A093d.

REMOVAL INSTRUCTIONS:

Please let BitDefender disinfect your files.

ANALYZED BY:

Mihai Razvan Benchea, virus researcher