Trojan downloader: Trojan-Downloader.Win32.Adload.l
Acquisition time: 2010-5-27
Hazard rating: Medium
Virus symptoms
The sample is a downloader program written in Visual C++ (VC). The virus file is 53,248 bytes in size and has the extension "exe". It spreads mainly through file bundles, download managers and web pages that link to the Trojan. Its main purpose is to download Trojans and take control of the user's machine.
After the user's computer is infected, the system runs slowly, network ports open for no reason, and a large number of unknown processes appear.
Infected objects
Windows 2000 / Windows XP / Windows 2003 / Windows Vista / Windows 7
Transmission
Web Trojans, file bundle, download manager
Manual removal:
1. Delete the file: %SystemRoot%\System32\tirixr.dll
2. Delete the registry key: HKEY_LOCAL_MACHINE\SOFTWARE\Softfy
Variable declaration:
%SystemDrive%: the partition where the system is installed, typically "C:\"
%SystemRoot%: the Windows directory, usually "C:\Windows"
%Documents and Settings%: the user documents directory, usually "C:\Documents and Settings"
%Temp%: the temporary folder, usually "C:\Documents and Settings\current user name\Local Settings\Temp"
%ProgramFiles%: the default program installation directory, typically "C:\Program Files"
Virus analysis:
1. Creates the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Softfy to record its own information.
2. Searches the system for a file with the same name as the file it is about to release and deletes it, then releases the file %SystemRoot%\System32\tirixr.dll and the batch file 3755610570.bat.
3. Loads and runs %SystemRoot%\System32\tirixr.dll, which submits local information to a designated website and downloads a large number of Trojans to run locally.
4. Runs the batch file to delete the original virus file and the batch file itself.
Files created by the virus:
%SystemRoot%\System32\tirixr.dll
Registry keys created by the virus:
HKEY_LOCAL_MACHINE\SOFTWARE\Softfy
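The manual removal steps and the created-artifact list above, as an added PowerShell check (not part of the original write-up). The SysWOW64 and WOW6432Node locations are an assumption based on standard WOW64 redirection of 32-bit programs on 64-bit Windows; the write-up itself names only the System32 file and the HKEY_LOCAL_MACHINE\SOFTWARE\Softfy key.

```powershell
# Added example: reports (and with -Remove, deletes) the artifacts named in this write-up.
# Run from an elevated 64-bit PowerShell session so System32 is not redirected.
param([switch]$Remove)

# From the write-up: the dropped DLL and the registry key.
# Assumption: the SysWOW64 / WOW6432Node entries are the WOW64-redirected
# equivalents a 32-bit sample would use on 64-bit Windows.
$files = @(
    (Join-Path $env:SystemRoot 'System32\tirixr.dll'),
    (Join-Path $env:SystemRoot 'SysWOW64\tirixr.dll')
)
$keys = @(
    'HKLM:\SOFTWARE\Softfy',
    'HKLM:\SOFTWARE\WOW6432Node\Softfy'
)

$found = @()
foreach ($f in $files) {
    if (Test-Path -LiteralPath $f -PathType Leaf) {
        $info = Get-Item -LiteralPath $f -Force
        $found += [pscustomobject]@{
            Kind   = 'File'
            Path   = $f
            Detail = '{0} bytes, created {1:u}, SHA256 {2}' -f $info.Length,
                     $info.CreationTimeUtc, (Get-FileHash -LiteralPath $f -Algorithm SHA256).Hash
        }
    }
}
foreach ($k in $keys) {
    if (Test-Path -LiteralPath $k) {
        $names = (Get-Item -LiteralPath $k).GetValueNames() -join ', '
        $found += [pscustomobject]@{ Kind = 'RegistryKey'; Path = $k; Detail = "values: $names" }
    }
}

if (-not $found) { Write-Output 'No Adload.l artifacts from the write-up were found.'; return }
$found | Format-List | Out-Host

if ($Remove) {
    foreach ($hit in $found) {
        try {
            # -Recurse covers subkeys; a DLL still loaded in a process will fail here.
            Remove-Item -LiteralPath $hit.Path -Recurse -Force -ErrorAction Stop
            Write-Output "Removed $($hit.Path)"
        } catch {
            Write-Warning "Could not remove $($hit.Path): $($_.Exception.Message)"
        }
    }
}
```

A clean result for these two artifacts does not clear the machine, because the analysis states that tirixr.dll downloads further Trojans and runs them locally.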