SecurityHome.eu Trojan:Win32/Reveton.R!lnk

Home / malware PDF

Trojan:Win32/Reveton.R!lnk

First posted on 06 May 2013.
Source: Microsoft
Aliases :
Trojan:Win32/Reveton.R!lnk is also known as Win32/Reveton.M trojan (ESET), CXmal/RnsmLnk-A (Sophos).
Explanation :

Trojan:Win32/Reveton.R!lnk is a detection for the shortcut files (.LNK) created by variants of the Trojan:Win32/Reveton family.

Trojan:Win32/Reveton variants arrive on your computer with a random name. They create a shortcut file in the Windows startup folder to make sure the trojan is run every time you log on.

The file has a .LNK extension, for example <startup folder>\msconfig.lnk.

The Trojan:Win32/Reveton.R!lnk shortcut file uses an icon that looks like the one below:

The file is opened either by Windows when you log on, or manually if you click the shortcut.

When opened the file runs an installed copy of a Trojan:Win32/Reveton variant, such as Trojan:Win32/Reveton.R.

Analysis by Stefan Sellmer

Last update 06 May 2013

TOP

Malware :

RATDispenser
whispergate
Borat RAT
Trojanized X_Trader
BlackLotus

Last 20

Family:

Trojan:Win32/Reveton.C
Trojan:Win32/Reveton.F
Trojan:Win32/Reveton.R!lnk
Trojan:Win32/Reveton.V
Trojan:Win32/Reveton.N
Trojan:Win32/Reveton.Q
Trojan:Win32/Reveton.P
Trojan:Win32/Reveton.A