Trojan.Downloader.JJRB

MEDIO
MEDIO
approx 32400 bytes

Sintomi

Presence of the file winsock.exe in C:\windows\system32\

Istruzioni per la rimozione:

Please let BitDefender disinfect your files.

Analizzato da

Mihai Razvan Benchea, virus researcher

Descrizione tecnica:

When executed, the virus creates a thread that is going to allow it to bypass Zone Alarm. When Zone Alarm alerts the user that a program wants to access the internet, the virus finds that window, searches the text within it to see if it’s related to the virus name and then attaches to the thread that created the window so it can send input. The virus moves through the window controls(by simulating the tab key) and checks the option “Remember this setting” and then clicks the Allow button.

After the rule for the firewall  was added, the virus tries to download and execute a file from:

http://www.freescan[hidden]/programs/winsock.exe. The downloaded file is currently detected as Generic.Malware.SIFYd.7e8A093d