
Trojan:Win32/Redosdru.F


First posted on 21 October 2014.
Source: Microsoft

Aliases:

There are no other names known for Trojan:Win32/Redosdru.F.

Explanation:

Threat behavior

Installation

The trojan might be downloaded and installed by Trojan:Win32/Wepiall.A.

It is installed as a service, which causes the trojan to run whenever you start Windows.

The details of the service are:

Service name: KillAllqsk web Service
Display name: WebSystembrp
Description: WebSystemop Kill All Service

It may connect to the following servers to check that your PC is connected to the Internet:

  • 202.101.224.68
  • 202.102.152.3
  • 202.96.102.3
  • 202.96.75.68
  • 202.99.160.68


Payload


Connects to remote server

The trojan connects to a server to allow unauthorized access to and control of your PC. We have seen it try to connect to:

  • .meibu.net
  • .f3322.org
  • .3322.org


When it's connected, the remote malicious hacker can do a number of things to your PC, including:

  • Deleting files and folders
  • Downloading and running files
  • Logging keystrokes and stealing sensitive data
  • Running or stopping programs
  • Uploading files




Analysis by Jireh Sanico

Symptoms

Alerts from your security software may be the only symptom.
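
Added example (not part of the original write-up): a Python check that compares one host's service list, DNS queries and outbound connections against the service details, connectivity-check addresses and domain suffixes listed above. The record layout (`services`, `dns_queries`, `connections`), the function names and the sample data are assumptions constructed for illustration.

```python
import ipaddress

# Indicators copied from the page; everything else in this block is illustrative.
SERVICE_FIELDS = {"name": "KillAllqsk web Service",
                  "display_name": "WebSystembrp",
                  "description": "WebSystemop Kill All Service"}
CHECK_IPS = {ipaddress.ip_address(a) for a in (
    "202.101.224.68", "202.102.152.3", "202.96.102.3",
    "202.96.75.68", "202.99.160.68")}
C2_SUFFIXES = ("meibu.net", "f3322.org", "3322.org")

def norm(text):
    """Collapse whitespace and case so cosmetic differences do not hide a match."""
    return " ".join(str(text).split()).casefold()

def service_hits(svc):
    """Names of the service fields whose value equals the page's value."""
    return sorted(k for k, v in SERVICE_FIELDS.items()
                  if norm(svc.get(k, "")) == norm(v))

def c2_suffix(qname):
    """Suffix matched on a label boundary (subdomains only), else None."""
    host = qname.strip().rstrip(".").casefold()
    return next((s for s in C2_SUFFIXES if host.endswith("." + s)), None)

def is_check_ip(addr):
    """True if addr parses as one of the connectivity-check addresses."""
    try:
        return ipaddress.ip_address(addr.strip()) in CHECK_IPS
    except ValueError:
        return False

def triage(host):
    """Return (kind, value, detail) findings for one host record."""
    out = [("service", s.get("name", ""), service_hits(s))
           for s in host.get("services", []) if service_hits(s)]
    out += [("dns", q, c2_suffix(q)) for q in host.get("dns_queries", []) if c2_suffix(q)]
    out += [("ip", a, None) for a in host.get("connections", []) if is_check_ip(a)]
    return out

# Constructed sample record (not real telemetry); the subdomain label is a placeholder.
SAMPLE = {
    "services": [{"name": "Spooler", "display_name": "Print Spooler"},
                 {"name": "killallqsk  web service", "display_name": "WebSystembrp"}],
    "dns_queries": ["placeholder-label.F3322.org.", "notmeibu.net", "3322.org.example.com"],
    "connections": ["202.96.102.3", "192.0.2.10", "not-an-ip"],
}
if __name__ == "__main__":
    print(*triage(SAMPLE), sep="\n")
```

Matching domains on a label boundary keeps look-alike names such as `notmeibu.net` from being flagged, which a plain substring search would not.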

Last update 21 October 2014

 
