Trojan:Win32/Reveton!lnk
First posted on 27 August 2012.
Source: Microsoft
Aliases:
Trojan:Win32/Reveton!lnk is also known as CXmal/RnsmLnk-A (Sophos), Trojan.LNK.Reveton (Ikarus).
Explanation:
Trojan:Win32/Reveton!lnk is a detection for shortcut files (LNK) created by variants of the Trojan:Win32/Reveton family. If this threat is detected on your computer, it is likely that you have also been infected with a Trojan:Win32/Reveton variant.
Trojan:Win32/Reveton variants arrive on your computer with a random name. They create a shortcut file in the Windows startup folder with the LNK extension, for example "<startup folder>\ctfmon.lnk", to ensure the trojan is run every time you log on to Windows.
Note: <startup folder> refers to a variable location that is determined by the malware by querying the operating system. The default installation location for the Startup folder for Windows 2000, XP, and 2003 is "C:\Documents and Settings\<user>\Start Menu\Programs\Startup" or "C:\Users\<user>\Start Menu\Programs\Startup". For Windows Vista and 7, the default location is "C:\Users\<user name>\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup".
The Trojan:Win32/Reveton!lnk shortcut file uses an icon that resembles the following:
When opened, either by Windows when you log on, or manually if you click the shortcut, the link runs an installed copy of the Trojan:Win32/Reveton variant, such as Trojan:Win32/Reveton.A, Trojan:Win32/Reveton.B or Trojan:Win32/Reveton.C.
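To check a machine for the Startup-folder persistence described above, the following PowerShell lists every shortcut in the per-user and all-users Startup folders with its resolved target and the target's signature status. It is an added example, not part of Microsoft's entry; the function name `Get-StartupShortcut` is hypothetical and the `Review` rules are triage assumptions, not the logic behind this detection.

```powershell
# Added example: audit LNK files in the Startup folders.
# Get-StartupShortcut is a hypothetical name; the Review rules are assumptions.
function Get-StartupShortcut {
    param(
        # Startup locations are resolved by asking the OS rather than hard-coding paths.
        [string[]]$Folder = @(
            [Environment]::GetFolderPath('Startup'),       # current user
            [Environment]::GetFolderPath('CommonStartup')  # all users
        )
    )
    # Locations a standard user can write to without elevation (assumed triage list).
    $writable = @($env:APPDATA, $env:LOCALAPPDATA, $env:TEMP, $env:ProgramData) |
        Where-Object { $_ }
    $shell = New-Object -ComObject WScript.Shell

    foreach ($dir in $Folder | Where-Object { $_ -and (Test-Path -LiteralPath $_) }) {
        # -Force includes hidden shortcuts that Explorer would not show by default.
        Get-ChildItem -LiteralPath $dir -Filter *.lnk -File -Force | ForEach-Object {
            $lnk    = $shell.CreateShortcut($_.FullName)   # opens the existing .lnk
            $target = $lnk.TargetPath
            $exists = [bool]$target -and (Test-Path -LiteralPath $target)
            $sig    = if ($exists) {
                (Get-AuthenticodeSignature -LiteralPath $target).Status
            } else { 'N/A' }

            # Does the target live under a user-writable location?
            $inWritable = $false
            foreach ($root in $writable) {
                if ($target -and $target.StartsWith($root, [StringComparison]::OrdinalIgnoreCase)) {
                    $inWritable = $true
                }
            }

            [pscustomobject]@{
                Shortcut     = $_.FullName
                Modified     = $_.LastWriteTime
                Target       = $target
                Arguments    = $lnk.Arguments
                TargetExists = $exists
                Signature    = "$sig"
                # Flag for manual review: missing target, user-writable path, or no valid signature.
                Review       = (-not $exists) -or $inWritable -or ("$sig" -ne 'Valid')
            }
        }
    }
}

Get-StartupShortcut | Sort-Object Review -Descending | Format-List
```

A flagged entry is only a prompt to look closer: legitimate software also installs Startup shortcuts, and some of it runs from per-user folders.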
Related encyclopedia entries
Trojan:Win32/Reveton
Trojan:Win32/Reveton.A
Trojan:Win32/Reveton.B
Trojan:Win32/Reveton.C
Analysis by Wei Li
Last update 27 August 2012