SecurityHome.eu Trojan:Win32/Ruovs.A

Home / malware PDF

Trojan:Win32/Ruovs.A

First posted on 13 October 2014.
Source: Microsoft
Aliases :
There are no other names known for Trojan:Win32/Ruovs.A.
Explanation :
Threat behavior

Installation

Trojan:Win32/Ruovs.A copies itself to \com\svchost.exe. The malware creates the following files on your PC:

c:\documents and settings\all users\application data\mozilla\af1dcfzsaavfxwneaq.bin

Payload

Contacts remote hosts

Trojan:Win32/Ruovs.A can contact the following remote hosts:

87.236.210.109 using port 443
yandex.ru using port 80

Commonly, malware contacts a remote host to:
Confirm Internet connectivity
Report a new infection to its author
Receive configuration or other data
Download and run files (including updates and other malware)
Receive instruction from a remote hacker
Upload information taken from your PC
This malware description was produced and published using automated analysis of file SHA1 57c0763630f6d4042b961fd6b1b31180f2b26c0a.Symptoms

System changes

The following could indicate that you have this threat on your PC:

You have these files:

\com\svchost.exe
c:\documents and settings\all users\application data\mozilla\af1dcfzsaavfxwneaq.bin

Last update 13 October 2014

TOP

Malware :

Last 20

Family:

Trojan:Win32/Ruovs.A