Home / malwarePDF  

Trojan.Spy.Webmoner.CE


First posted on 21 November 2011.
Source: BitDefender

Aliases :

Trojan.Spy.Webmoner.CE is also known as Backdoor:Win32/Hupigon(OneCare.

Explanation :

-In order to outwit the user, the file ofen has an icon of an installer or of a well-known file type(e.g. Media Player files, IE files); also, it may have names like iexplorer or svchost, sometimes modified (svchust);
-It makes a copy in one of the Windows folders and creates a .BAT (Uninstal.bat, delete.bat) file to delete itself from its initial location; the copy will be started as a Windows service. The service description contains only the service name or dobious random characters.
-It tries to download an executable file from suspicious URLs such as lzw791227.vicp.net or hacklwr1986.3322.org

Last update 21 November 2011

 

TOP