Downloader.Preft
First posted on 24 December 2015.
Source: Symantec
Aliases:
There are no other names known for Downloader.Preft.
Explanation:
This malware is known to arrive on the compromised computer as a Trojanized installer for the following programs:
IFS Fiber Design Center
TruVision Player
Once executed, the Trojan creates the following file:
%Temp%\[RANDOM FILE NAME].exe
Note: [RANDOM FILE NAME] is a random .exe file name selected from the %System% directory. The Trojan will not use a file name containing any of the following strings:
install
setup
update
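The file-naming behaviour described above gives defenders a simple hunting lead: an .exe directly under %Temp% that carries the name of a System-directory executable. The following check is an added example, not Symantec's detection logic; the function names, the sample paths and the mapping of %System% to %SystemRoot%\System32 are assumptions, and a name match is a lead for review, not a verdict.

```python
import ntpath
import os

# Strings the write-up says the Trojan never uses in the dropped file name.
EXCLUDED = ("install", "setup", "update")

def preft_name_candidates(system_names, temp_paths, temp_dir):
    """Return the .exe paths directly under temp_dir whose file name equals a
    System-directory .exe name that contains none of the EXCLUDED strings."""
    pool = set()
    for name in system_names:
        low = name.lower()
        if low.endswith(".exe") and not any(s in low for s in EXCLUDED):
            pool.add(low)
    root = ntpath.normcase(ntpath.normpath(temp_dir))
    hits = []
    for path in temp_paths:
        parent, name = ntpath.split(ntpath.normpath(path))
        if ntpath.normcase(parent) == root and name.lower() in pool:
            hits.append(path)
    return hits

def scan_host():
    """Live check on Windows. Assumes %System% maps to %SystemRoot%\\System32."""
    system_dir = os.path.join(os.environ["SystemRoot"], "System32")
    temp_dir = os.environ["TEMP"]
    temp_paths = [os.path.join(temp_dir, n) for n in os.listdir(temp_dir)]
    return preft_name_candidates(os.listdir(system_dir), temp_paths, temp_dir)

# Constructed sample data (not taken from a real host).
SAMPLE_TEMP = r"C:\Users\alice\AppData\Local\Temp"
SAMPLE_SYSTEM = ["svchost.exe", "notepad.exe", "setupugc.exe", "kernel32.dll"]
SAMPLE_PATHS = [
    SAMPLE_TEMP + r"\svchost.exe",       # System name in Temp: flagged
    SAMPLE_TEMP + r"\NOTEPAD.EXE",       # case-insensitive match: flagged
    SAMPLE_TEMP + r"\SetupUgc.exe",      # contains "setup": outside the pool
    SAMPLE_TEMP + r"\vendor_tool.exe",   # not a System-directory name
    SAMPLE_TEMP + r"\sub\notepad.exe",   # not directly under %Temp%
]

if __name__ == "__main__":
    for hit in preft_name_candidates(SAMPLE_SYSTEM, SAMPLE_PATHS, SAMPLE_TEMP):
        print("review:", hit)
```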
Next, the Trojan downloads Backdoor.Preft from the following remote location:
[http://]www.htomega.com/rgboard/image/rgboa[REMOVED]
Last update 24 December 2015