Trojan:Win32/Bamital.G
First posted on 19 October 2010.
Source: SecurityHome
Aliases :
Trojan:Win32/Bamital.G is also known as TR/Shutdowner.etd (Avira), Trojan.Hottrend.25 (Dr.Web), Win32/Bamital.DT (ESET), Trojan.Win32.Shutdowner.etd (Kaspersky), Trojan.Shutdowner.ABM (Norman), Trojan.Bamital (Symantec).
Explanation :
Trojan:Win32/Bamital.G is a trojan component that executes a payload component installed by TrojanDropper:Win32/Bamital.G.
Installation
Trojan:Win32/Bamital.G is installed by TrojanDropper:Win32/Bamital.G and may be present as the following:
%ALLUSERSPROFILE%\Documents\Server\shhlp.dll

Payload
Executes dropped malware
Trojan:Win32/Bamital.G loads the following payload component previously installed by TrojanDropper:Win32/Bamital.G:
<system folder>\hlp.dat
Trojan:Win32/Bamital.G reads the payload component code into memory and executes the code immediately. The payload code is used to monitor and modify web search queries and display its own online advertisements.

Additional Information
For more information about TrojanDropper:Win32/Bamital.G, see the description elsewhere in the encyclopedia.
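
A host triage check for the two file locations named above, added here as an example and not part of the original entry. It assumes "<system folder>" resolves to System32 (or SysWOW64 for 32-bit code on 64-bit Windows); the function name Get-BamitalArtifact is hypothetical. A matching file name is a lead for further analysis, not a verdict.

```powershell
# Added example: looks for the loader DLL and payload file described in this entry.
# Assumption: "<system folder>" means %SystemRoot%\System32 or %SystemRoot%\SysWOW64.
function Get-BamitalArtifact {
    [CmdletBinding()]
    param(
        [string]$AllUsersProfile = $env:ALLUSERSPROFILE,
        [string]$SystemRoot      = $env:SystemRoot
    )

    $candidates = @(
        @{ Role = 'Loader DLL';   Path = Join-Path $AllUsersProfile 'Documents\Server\shhlp.dll' }
        @{ Role = 'Payload data'; Path = Join-Path $SystemRoot 'System32\hlp.dat' }
        @{ Role = 'Payload data'; Path = Join-Path $SystemRoot 'SysWOW64\hlp.dat' }
    )

    # A 32-bit PowerShell on 64-bit Windows has System32 redirected to SysWOW64;
    # Sysnative exposes the real 64-bit directory in that case.
    $sysnative = Join-Path $SystemRoot 'Sysnative'
    if (Test-Path -LiteralPath $sysnative) {
        $candidates += @{ Role = 'Payload data'; Path = Join-Path $sysnative 'hlp.dat' }
    }

    foreach ($c in $candidates) {
        # -Force so hidden or system-flagged files are still returned.
        $item = Get-Item -LiteralPath $c.Path -Force -ErrorAction SilentlyContinue
        $row  = [ordered]@{
            Role = $c.Role; Path = $c.Path; Present = [bool]$item
            Length = $null; CreatedUtc = $null; ModifiedUtc = $null
            SHA256 = $null; Signature = $null
        }
        if ($item) {
            $row.Length      = $item.Length
            $row.CreatedUtc  = $item.CreationTimeUtc
            $row.ModifiedUtc = $item.LastWriteTimeUtc
            $row.SHA256      = (Get-FileHash -LiteralPath $item.FullName -Algorithm SHA256).Hash
            if ($item.Extension -eq '.dll') {
                # An unsigned DLL under a user-writable profile path deserves a closer look.
                $row.Signature = (Get-AuthenticodeSignature -LiteralPath $item.FullName).Status
            }
        }
        [pscustomobject]$row
    }
}

Get-BamitalArtifact | Format-Table -AutoSize
```

Run it from an elevated prompt so files in the system folder are readable, and compare the created and modified times against other activity on the host.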
Analysis by Shawn Wang
Last update 19 October 2010