Trojan:Win32/C2Lop.gen!H
First posted on 11 May 2009.
Source: SecurityHome
Aliases:
Trojan:Win32/C2Lop.gen!H is also known as Trojan-Downloader.Win32.Swizzor.qw (Kaspersky), Trojan.DL.Swizzor.CEP (VirusBuster), Swizzor.gen (McAfee), Adware/Lop (Panda), Downloader.Lop (Symantec).
Explanation:
Trojan:Win32/C2Lop.gen!H is a generic detection for a member of the Trojan:Win32/C2Lop family of trojans. This family modifies Web browser settings, adds browser bookmarks, and delivers pop-up advertisements.
Symptoms
There are no common symptoms associated with this threat. Alert notifications from installed antivirus software may be the only symptom(s).
Installation
Trojan:Win32/C2Lop.gen!H may arrive on a system as a file that is bundled with other software. It is usually installed in the %Temp% folder using a random file name. When run, it launches and injects malicious code into the Internet Explorer process.
Payload
Downloads and Executes Arbitrary Files
Win32/C2Lop.gen!H may connect to a remote Web site to download and execute arbitrary files. The downloaded files are usually members of the TrojanDownloader:Win32/Swizzor family or other components of the Trojan:Win32/C2Lop family. Once the downloaded files are successfully installed, unwanted pop-ups and advertisements may be displayed on the system. For example, a specific sample of Win32/C2Lop.gen!H was observed attempting to connect to upd.host-domain-lookup.com via TCP port 80 to download files. The downloaded files are saved in the Temporary Internet Files folder.
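A triage sketch for the behaviour described under Installation and Payload, added here as an example and not part of the original write-up: it correlates per host an executable run from a Temp folder, a remote thread into Internet Explorer, contact with the download host named above, and executable content written to Temporary Internet Files. The event schema, field names, host names and file names are hypothetical, and the sample events are constructed.

```python
import re
from collections import defaultdict

# Download host and port come from the one sample described above.
C2_HOST, C2_PORT = "upd.host-domain-lookup.com", 80
TEMP_EXE = re.compile(r"\\temp\\[^\\]+\.exe$", re.I)  # .exe directly in a Temp folder
TIF_DIR = "\\temporary internet files\\"

def classify(ev):
    """Return the behaviour label an event matches, or None."""
    kind = ev["type"]
    if kind == "process_create" and TEMP_EXE.search(ev["image"]):
        return "exe_run_from_temp"
    if (kind == "remote_thread" and TEMP_EXE.search(ev["source_image"])
            and ev["target_image"].lower().endswith("\\iexplore.exe")):
        return "injection_into_ie"
    if (kind == "net_connect" and ev["dest_port"] == C2_PORT
            and ev["dest_host"].lower().rstrip(".") == C2_HOST):
        return "known_download_host"
    # Assumption: only executable content written to the cache is interesting.
    if (kind == "file_create" and TIF_DIR in ev["path"].lower()
            and ev["path"].lower().endswith((".exe", ".dll"))):
        return "executable_in_tif"
    return None

def hunt(events):
    """Group matched behaviours per host and return hosts worth triage."""
    seen = defaultdict(set)
    for ev in events:
        label = classify(ev)
        if label:
            seen[ev["host"]].add(label)
    # Host contact alone qualifies; else need two behaviours (installers use %Temp% too).
    return {h: sorted(b) for h, b in seen.items()
            if "known_download_host" in b or len(b) >= 2}

# Constructed events in a hypothetical, simplified schema (not real telemetry).
TMP = r"C:\Users\amy\AppData\Local\Temp\qkzvtw.exe"
EVENTS = [
    {"host": "WS01", "type": "process_create", "image": TMP},
    {"host": "WS01", "type": "remote_thread", "source_image": TMP,
     "target_image": r"C:\Program Files\Internet Explorer\iexplore.exe"},
    {"host": "WS01", "type": "net_connect", "dest_host": C2_HOST, "dest_port": 80},
    {"host": "WS01", "type": "file_create", "path": r"C:\Users\amy\AppData\Local"
     r"\Microsoft\Windows\Temporary Internet Files\Content.IE5\AB12\upd[1].exe"},
    {"host": "WS02", "type": "process_create", "image": r"C:\Windows\Temp\setup.exe"},
]
if __name__ == "__main__":
    print(hunt(EVENTS))
```

WS02 matches one behaviour only and is left out of the result, which keeps ordinary installers that unpack into %Temp% from flooding the triage list.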
Analysis by Elda Dimakiling
Last update 11 May 2009