
Trojan.Downloader.Firu.G


First posted on 21 November 2011.
Source: BitDefender

Aliases :

Trojan.Downloader.Firu.G is also known as Trojan-Downloader.Win32.Firu.dw, Trojan:Win32/Bohmini.A, W32.

Explanation :

When the file is first executed, it creates a copy of itself in %windir%\system32 with a random name. This copy is scheduled to run at each fixed hour via "Scheduled Tasks". The original file is then deleted.

In order to hide itself, it injects its code in running processes and then kills its own process.

The malware is used to download other malicious files from the internet. It also disables certain security software, if encountered.
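A triage check for the persistence described above, written as an added example (not BitDefender's code or signature): it reads a task listing in the CSV form printed by `schtasks /query /fo csv /v` and reports hourly tasks that start an executable sitting directly in %windir%\system32 whose file name is missing from a known-clean baseline. The sample rows, the baseline, the function names and the assumption that an hourly task shows "Hourly" in the "Schedule Type" column are all constructed for illustration.

```python
import csv
import io
import ntpath

# Constructed sample: three of the columns printed by `schtasks /query /fo csv /v`.
# Task names, paths and the baseline below are made up for the example.
SAMPLE = r'''"TaskName","Task To Run","Schedule Type"
"\Backup","C:\Windows\system32\wbadmin.exe start backup","Daily"
"\At1","C:\WINDOWS\system32\qkzvxwpt.exe","One Time Only, Hourly"
"\Updater","""C:\Program Files\Vendor\upd.exe"" /check","One Time Only, Hourly"
"\Defrag","%windir%\system32\defrag.exe -c","One Time Only, Hourly"
'''
BASELINE = {"wbadmin.exe", "defrag.exe"}  # file names from a known-clean system32


def exe_path(command):
    """Return the program part of a 'Task To Run' command line."""
    command = command.strip()
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    return command.split(" ", 1)[0]


def system32_name(path, windir=r"c:\windows"):
    """Return the lower-cased file name if path sits directly in system32, else None."""
    p = ntpath.normcase(path)
    for var in ("%windir%", "%systemroot%"):
        p = p.replace(var, windir)
    if ntpath.dirname(p) == ntpath.join(windir, "system32"):
        return ntpath.basename(p)
    return None


def suspicious_tasks(csv_text, baseline):
    """Hourly tasks that start a system32 executable missing from the baseline."""
    hits = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        if row["TaskName"] == "TaskName":  # header repeated inside the listing
            continue
        path = exe_path(row["Task To Run"])
        name = system32_name(path)
        if name and "hourly" in row["Schedule Type"].lower() and name not in baseline:
            hits.append((row["TaskName"], path))
    return hits


if __name__ == "__main__":
    for task, path in suspicious_tasks(SAMPLE, BASELINE):
        print(f"review task {task}: {path}")
```

A hit is a lead for review rather than a verdict; the baseline has to come from a clean image of the same Windows build.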

Last update 21 November 2011

 
