Trojan.Downloader.Bredolab.CW( Trojan.Bredolab, TrojanDownloader:Win32/Waledac.C, Trojan:W32/Agent.NFY )
SYMPTOMS: A computer has been infected with Trojan.Downloader.Bredolab.CW if* a process with random number name (e.g. 88359235.exe) appears in task manager; TECHNICAL DESCRIPTION: Trojan.Downloader.Bredolab.CW is a standard downloader of rogue malware. It is distributed in a packed form, protected by custom packers with anti-emulator and anti-debugging tricks to avoid detection by antivirus scanners. The structure and code of these packers are constantly changing to evade signatures.Once executed it tries to download two files from different addresses * http://195.xxx.xxx.36/pr/pic/fixer_sdgareh_h.exeEach file is downloaded in %system32%\Temp\ folder with a random name and executed from there: * _ex-[Random Number].exe Removal instructions: Please let BitDefender disinfect your files.ANALYZED BY: Daniel RADU, Senior Virus Researcher |