Trojan:Win32/Bicololo.C
First posted on 15 July 2014.
Source: Microsoft
Aliases:
There are no other names known for Trojan:Win32/Bicololo.C.
Explanation:
Threat behavior
Trojan:Win32/Bicololo.C is a malicious program that is unable to spread of its own accord. It may perform a number of actions of an attacker's choice on an affected computer.
Installation
Trojan:Win32/Bicololo.C creates the following files on your PC:
- %programfiles%\inst\kak\1.txt
- %programfiles%\inst\kak\buhlo.vbs
- %programfiles%\inst\kak\cheburek.bat
- %programfiles%\inst\kak\uninstall.exe
- %programfiles%\inst\kak\uninstall.ini
- c:\documents and settings\administrator\local settings\temp\$inst\2.tmp
- c:\documents and settings\administrator\local settings\temp\$inst\temp_0.tmp
Payload
Changes Hosts file
Trojan:Win32/Bicololo.C changes the Windows Hosts file. Malware sometimes does this to redirect URLs to different IP addresses, often to stop you from accessing security-related websites.
Contacts remote host
The malware might contact a remote host at 198.175.125.195 using port 80. Commonly, malware does this to:
- Report a new infection to its author
- Receive configuration or other data
- Download and run files, including updates or other malware
- Receive instructions from a remote hacker
- Upload data taken from your PC
This malware description was produced and published using automated analysis of file SHA1 19714c3cca6df4cdb56098e9ecbfc044fd82103d.
Symptoms
System changes
The following could indicate that you have this threat on your PC:
- You have these files:
  - %programfiles%\inst\kak\1.txt
  - %programfiles%\inst\kak\buhlo.vbs
  - %programfiles%\inst\kak\cheburek.bat
  - %programfiles%\inst\kak\uninstall.exe
  - %programfiles%\inst\kak\uninstall.ini
  - c:\documents and settings\administrator\local settings\temp\$inst\2.tmp
  - c:\documents and settings\administrator\local settings\temp\$inst\temp_0.tmp
Last update 15 July 2014