
Trojan:Win32/C2Lop.gen!J


First posted on 18 May 2009.
Source: SecurityHome

Aliases :

Trojan:Win32/C2Lop.gen!J is also known as Trojan.Win32.Swizzor.a (Kaspersky), Mal/Swizzor-B (Sophos), Trojan.DL.Swizzor.Gen!Pac.5 (VirusBuster), Swizzor!s (McAfee).

Explanation :

Trojan:Win32/C2Lop.gen!J is a generic detection for a member of the Trojan:Win32/C2Lop family of trojans. This family modifies Web browser settings, adds browser bookmarks, and delivers pop-up advertisements.

Symptoms
There are no common symptoms associated with this threat. Alert notifications from installed antivirus software may be the only symptom(s).

Installation
Trojan:Win32/C2Lop.gen!J may arrive on a system as a file that is bundled with other software. It is usually installed in the Windows Temporary Files folder using a random file name. When run, it launches and injects malicious code into the Internet Explorer process.

Payload
Downloads and Executes Arbitrary Files
Trojan:Win32/C2Lop.gen!J may connect to a remote Web site to download and execute arbitrary files. The downloaded files are usually members of the TrojanDownloader:Win32/Swizzor family or other components of the Trojan:Win32/C2Lop family. Once the downloaded files are successfully installed, unwanted pop-ups and advertisements may be displayed on the system.

For example, a specific sample of Win32/C2Lop.gen!J is known to attempt a connection to ayb.host-domain-lookup.com via TCP port 80 to download files. The downloaded files are saved in the Temporary Internet Files folder.
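The network indicator above can be used to find affected machines in web proxy logs. The following is an added example, not part of the original write-up: it assumes a Squid-style native access.log layout, and the log lines and client addresses are constructed for illustration.

```python
from collections import defaultdict
from urllib.parse import urlsplit

# Indicator taken from the write-up above.
IOC_HOST = "ayb.host-domain-lookup.com"
IOC_PORT = 80

# Constructed sample lines; assumed Squid native layout:
# time elapsed client result/status bytes method url user hierarchy type
SAMPLE_LOG = """\
1242633601.120 210 10.0.0.15 TCP_MISS/200 48211 GET http://AYB.host-domain-lookup.com/a.exe - DIRECT/192.0.2.10 application/octet-stream
1242633605.456 95 10.0.0.22 TCP_MISS/200 1840 GET http://example.org/index.html - DIRECT/192.0.2.20 text/html
1242633609.002 180 10.0.0.15 TCP_MISS/200 9120 GET http://ayb.host-domain-lookup.com.:80/b - DIRECT/192.0.2.10 application/octet-stream
1242633611.777 60 10.0.0.31 TCP_MISS/200 512 GET http://ayb.host-domain-lookup.com.example.net/ - DIRECT/192.0.2.30 text/html
1242633615.300 75 10.0.0.40 TCP_TUNNEL/200 3000 CONNECT ayb.host-domain-lookup.com:443 - DIRECT/192.0.2.10 -
malformed line
"""

def endpoint(method, url):
    """Return (host, port) for a logged request, or None if unparsable."""
    try:
        # CONNECT logs "host:port" with no scheme; give urlsplit a netloc.
        parts = urlsplit("//" + url if method == "CONNECT" else url)
        host, port = parts.hostname, parts.port
    except ValueError:  # bad port or malformed netloc
        return None
    if not host:
        return None
    if port is None:
        port = {"http": 80, "https": 443}.get(parts.scheme)
    # hostname is already lower-cased; drop the trailing root dot.
    return host.rstrip("."), port

def find_hits(log_text):
    """Map client IP -> list of (timestamp, url) for requests to the indicator."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) < 7:
            continue  # skip truncated or malformed lines
        ts, client, method, url = fields[0], fields[2], fields[5], fields[6]
        # Exact host match avoids lookalikes that merely contain the name.
        if endpoint(method, url) == (IOC_HOST, IOC_PORT):
            hits[client].append((ts, url))
    return dict(hits)

if __name__ == "__main__":
    for client, requests in find_hits(SAMPLE_LOG).items():
        print(client, len(requests), "request(s) to", IOC_HOST)
```

Clients flagged this way are candidates for a full antivirus scan and a check of the Temporary Files and Temporary Internet Files folders mentioned above.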

Analysis by Francis Allan Tan Seng

Last update 18 May 2009

 
