
Trojan.Renos.PHM


First posted on 21 November 2011.
Source: BitDefender

Aliases:

Trojan.Renos.PHM is also known as Backdoor.Win32.Agent.avqz, Downloader-CEW.e, TrojanDownloader:Win32/Renos.KX.

Explanation:

Trojan.Renos.PHM is a trojan downloader belonging to the Renos family. It attempts to download other trojans.

Upon execution, it tries to connect to various remote addresses to download and execute other malware components.

It attempts to post data to addresses belonging to the following domains:

blueriverarts.com, redskeltonarts.com, greenbeearts.com

From the aforementioned addresses, the trojan obtains links to three other malware components, which it then downloads and executes. The downloaded components are detected by BitDefender under the name Trojan.Renos.PHH; they are dangerous trojans that download and install additional malware, spyware and badware for various purposes.

Other dangerous sites to which the malware components try to connect:

cuert.com, msdip.com, resellerrati.com, allshome.com, thedupage.com

The trojan removes its traces by creating a batch file, jtp..bat, under %TEMPDIRECTORY%, which deletes both the trojan and the batch file itself.

Last update 21 November 2011

 
