Home / malware Trojan.Patched.V
First posted on 21 November 2011.
Source: BitDefenderAliases :
Trojan.Patched.V is also known as Trj/Agent.FTI, Win32:Small-DKF[Trj].
Explanation :
A mutex named updater3 is created in order to allow only one instance of the malware to be executed at a time.
The malware checks the availability of the internet connection by trying to reach www.google.com and sends ICMP echo requests to
wikipedia.org,
myspace.com,
youtube.com and
yahoo.com.
If the sites can be reached, the malware downloads an executable file,verifies its MZ signature and executes it.
Trojan.Patched.V has backdoor capabilities: listens on some ports and accepts multiple clients to connect.
It creates an entry in the registry key SoftwareMicrosoftWindowsCurrentVersionShellServiceObjectDelayLoad to be loaded at every system restart.Last update 21 November 2011
