Home / malware TrojanDownloader:Win32/Taradorp.A
First posted on 18 June 2010.
Source: SecurityHomeAliases :
TrojanDownloader:Win32/Taradorp.A is also known as BackDoor-EPQ (McAfee), Trojan.Win32.Scar.caai (Kaspersky), TROJ_TARO.XZ (Trend Micro), Trojan:Win32/Taradorp.A (other).
Explanation :
TrojanDownloader:Win32/Taradorp.A is a malware that downloads an arbitrary file from the Internet. The downloaded file is presumably malicious in nature.
Top
TrojanDownloader:Win32/Taradorp.A is a malware that downloads an arbitrary file from the Internet. The downloaded file is presumably malicious in nature. Installation When run, TrojanDownloader:Win32/Taradorp.A copies itself into the Windows system folder and registers this copy as a Windows system service called "PMSservice". Its service description is "Protected Manager Service". Payload Downloads arbitrary files TrojanDownloader:Win32/Taradorp.A downloads the following file on a regular schedule:update.winsdate.com/domestic/svchost.exe The file is saved and run as "<system folder>\vssvc.dll". Note - <system folder> refers to a variable location that is determined by the malware by querying the Operating System. The default installation location for the System folder for Windows 2000 and NT is C:\Winnt\System32; and for XP, Vista, and 7 is C:\Windows\System32.
Analysis by Jireh SanicoLast update 18 June 2010
