Trojan.Downloader.VBS.DA


First posted on 21 November 2011.
Source: BitDefender

Aliases :

Trojan.Downloader.VBS.DA is also known as Trojan.Downloader.JS.Gen (KAV).

Explanation :

This small downloader is written in VBS and is embedded in HTML files. When it receives control, it attempts to download 4 files from the following location: http://love[removed].org/css. The files being downloaded are:

- AutoCfg.exe - infected, detected as Backdoor.Ardu.A

- Instexnt.exe, Autoexnt.exe, Servmess.dll - these are clean files and are used for running scripts before a user logs on

After downloading these files, it attempts to install the AutoExNT service and creates another file (AutoExNT.bat), in which the infected application (AutoCfg.exe) is listed. This way, the malware is executed after every reboot, even if no user is logged on to that computer.
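A triage check for the persistence described above, added here as an example and not taken from the BitDefender write-up: it walks a volume or mounted image, records the four file names listed above, and flags any AutoExNT.bat whose command lines launch AutoCfg.exe. The function names and the sample directory layout are assumptions, and the sample files are constructed.

```python
import os
import re

# File names come from the description above; compared case-insensitively.
KNOWN = {"autocfg.exe", "instexnt.exe", "autoexnt.exe", "servmess.dll"}
PAYLOAD = "autocfg.exe"
BATCH = "autoexnt.bat"

def batch_commands(text):
    """Yield the command lines of a batch file, skipping blanks, REM/:: comments and ECHO."""
    for line in text.splitlines():
        line = line.strip().lstrip("@")
        if not line or line.startswith("::") or re.match(r"(?i)(rem|echo)\b", line):
            continue
        yield line

def triage(root):
    """Walk root (a live volume or a mounted image) and collect indicators."""
    found = {"known_names": [], "batch_launches_payload": []}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if name.lower() in KNOWN:
                found["known_names"].append(path)
            elif name.lower() == BATCH:
                with open(path, "r", errors="replace") as fh:
                    cmds = list(batch_commands(fh.read()))
                # Only real command lines count, not a name inside a comment.
                if any(PAYLOAD in c.lower() for c in cmds):
                    found["batch_launches_payload"].append(path)
    return found

def make_sample(root):
    """Build a constructed directory tree for the demo (empty placeholder files)."""
    sysdir = os.path.join(root, "sample_system_dir")  # hypothetical location
    os.makedirs(sysdir)
    for name in ("AutoCfg.exe", "AUTOEXNT.EXE"):
        open(os.path.join(sysdir, name), "w").close()
    with open(os.path.join(sysdir, "AutoExNT.bat"), "w") as fh:
        fh.write("@echo off\nrem constructed sample\nAutoCfg.exe\n")

if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as tmp:
        make_sample(tmp)
        print(triage(tmp))
```

Because Instexnt.exe, Autoexnt.exe and Servmess.dll are clean files, a name match on those alone is only a lead; the batch file launching AutoCfg.exe is the stronger signal.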

Last update 21 November 2011