Trojan.Downloader.Cekar.B
First posted on 21 November 2011.
Source: BitDefender
Aliases:
Trojan.Downloader.Cekar.B is also known as Trojan-Downloader.Win32.Delf.
Explanation:
When executed, the virus waits 5 minutes and then tries to find an existing Internet Explorer process.
If none exists, it creates one and injects itself into the Internet Explorer process, creating a new thread there that tries
to download a file from http://[xxx].tesekl.info/[xxx]/win.ini (which is another virus) and terminates the process.
After that, the main process executes that file and begins infecting executable files on the local hard drive.
It searches for *.exe and *.scr files and infects them with Win32.Cekar.A.
Most installer packages will become corrupted because the virus modifies the overlay data irreparably.
But the remaining files, and all code data from executables, can be restored by BitDefender.
Last update: 21 November 2011
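Because the overlay damage described above survives disinfection, a responder can compare each cleaned installer's overlay against a known-good copy to decide which packages must be re-sourced. The sketch below is an added example, not BitDefender's code; the function names and the sample image are constructed for illustration, and it treats everything after the last section's raw data as overlay (an Authenticode signature, if present, also lives in that region).

```python
import hashlib
import struct

def overlay_offset(data: bytes) -> int:
    """File offset where the overlay starts: the end of the last section's raw data."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature missing")
    (n_sections,) = struct.unpack_from("<H", data, e_lfanew + 6)
    (opt_size,) = struct.unpack_from("<H", data, e_lfanew + 20)
    table = e_lfanew + 24 + opt_size          # section table follows the optional header
    end = table + 40 * n_sections             # the headers are never overlay
    for i in range(n_sections):
        # SizeOfRawData and PointerToRawData sit at +16 and +20 of each 40-byte entry
        raw_size, raw_ptr = struct.unpack_from("<II", data, table + 40 * i + 16)
        if raw_size:
            end = max(end, raw_ptr + raw_size)
    return min(end, len(data))

def overlay_digest(data: bytes) -> tuple:
    """(overlay length, SHA-256 of the overlay bytes)."""
    tail = data[overlay_offset(data):]
    return len(tail), hashlib.sha256(tail).hexdigest()

def overlay_intact(known_good: bytes, disinfected: bytes) -> bool:
    """True when the disinfected file carries the same overlay as the known-good copy."""
    return overlay_digest(known_good) == overlay_digest(disinfected)

def build_sample_pe(overlay: bytes) -> bytes:
    """Constructed sample (layout only, not loadable): one section at 0x200, then overlay."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 0, 0x102)
    sect = b".text\0\0\0" + struct.pack("<IIII", 0x200, 0x1000, 0x200, 0x200) + b"\0" * 16
    headers = (dos + coff + sect).ljust(0x200, b"\0")
    return headers + b"\x90" * 0x200 + overlay

if __name__ == "__main__":
    good = build_sample_pe(b"CONSTRUCTED-INSTALLER-ARCHIVE" * 8)
    damaged = build_sample_pe(b"CONSTRUCTED-INSTALLER-ARCHIVE" * 7 + b"\0" * 29)
    print(hex(overlay_offset(good)), overlay_intact(good, good), overlay_intact(good, damaged))
```

A file whose overlay no longer matches the reference should be replaced from trusted media rather than relied on after cleaning.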