Home / malware Trojan.Spy.Webmoner.CE
First posted on 21 November 2011.
Source: BitDefenderAliases :
Trojan.Spy.Webmoner.CE is also known as Backdoor:Win32/Hupigon(OneCare.
Explanation :
-In order to outwit the user, the file ofen has an icon of an installer or of a well-known file type(e.g. Media Player files, IE files); also, it may have names like iexplorer or svchost, sometimes modified (svchust);
-It makes a copy in one of the Windows folders and creates a .BAT (Uninstal.bat, delete.bat) file to delete itself from its initial location; the copy will be started as a Windows service. The service description contains only the service name or dobious random characters.
-It tries to download an executable file from suspicious URLs such as lzw791227.vicp.net or hacklwr1986.3322.orgLast update 21 November 2011