Virus:Win32/Bamital.H
First posted on 12 November 2010.
Source: SecurityHome
Aliases :
Virus:Win32/Bamital.H is also known as W32/Bamital.E (Authentium (Command)), Win32/Patched.FS (AVG), TR/Spy.1033728.15 (Avira), Win32.Dat.13 (Dr.Web), Win32/Bamital.EQ (ESET), Virus.Win32.Bamital (Ikarus), Generic.dx!upv (McAfee), Troj/Patched-O (Sophos), Trojan.Win32.Generic!BT (Sunbelt Software).
Explanation :
Virus:Win32/Bamital.H is the detection for the files "explorer.exe" and "winlogon.exe" when they are infected. The infection is caused by TrojanDropper:Win32/Bamital.C.
The infected file is used to load a data file, "%ALLUSERSPROFILE%\Documents\Server\hlp.dat" (for example, "c:\Documents and Settings\All Users\Documents\Server\hlp.dat"), which contains the bulk of the Bamital payload. The data file is detected as Trojan:Win32/Bamital.
Note: The original copies of "explorer.exe" and "winlogon.exe" are saved to "%windir%\temp" by the virus as "explorer.dat" and "winlogon.dat" respectively.
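A triage check built from the file locations described above, as an added example that is not part of the original write-up. The function names, the finding labels and the live-file locations (explorer.exe under %windir%, winlogon.exe under %windir%\system32) are assumptions of this example, and the demo tree contains constructed sample bytes rather than real binaries.

```python
import hashlib
import os
import tempfile
from pathlib import Path

# Locations from the write-up, relative to %ALLUSERSPROFILE% and %windir%.
PAYLOAD_REL = Path("Documents", "Server", "hlp.dat")
# Backup name in %windir%/temp -> live file under %windir% (assumed standard paths).
BACKUPS = {
    "explorer.dat": Path("explorer.exe"),
    "winlogon.dat": Path("system32", "winlogon.exe"),
}

def sha256(path):
    with open(path, "rb") as f:
        return hashlib.sha256(f.read()).hexdigest()

def triage(allusers, windir):
    """Return (kind, path) findings for a live host or a mounted image."""
    allusers, windir = Path(allusers), Path(windir)
    findings = []
    payload = allusers / PAYLOAD_REL
    if payload.is_file():
        findings.append(("payload_data_file", str(payload)))
    for backup_name, live_rel in BACKUPS.items():
        backup = windir / "temp" / backup_name
        if not backup.is_file():
            continue
        findings.append(("backup_copy", str(backup)))
        live = windir / live_rel
        # A live binary that no longer matches the saved original fits the patching described.
        if live.is_file() and sha256(live) != sha256(backup):
            findings.append(("live_differs_from_backup", str(live)))
    return findings

def demo():
    """Run triage over a constructed tree (sample bytes, not real binaries)."""
    with tempfile.TemporaryDirectory() as root:
        allusers, windir = Path(root, "All Users"), Path(root, "WINDOWS")
        (allusers / PAYLOAD_REL).parent.mkdir(parents=True)
        (windir / "temp").mkdir(parents=True)
        (allusers / PAYLOAD_REL).write_bytes(b"constructed payload")
        (windir / "temp" / "explorer.dat").write_bytes(b"original bytes")
        (windir / "explorer.exe").write_bytes(b"patched bytes")
        return [kind for kind, _ in triage(allusers, windir)]

if __name__ == "__main__":
    print(triage(os.environ.get("ALLUSERSPROFILE", "."), os.environ.get("windir", ".")))
```

Pass the two base directories of a mounted disk image to `triage` to check it offline. A hash mismatch can also result from a system update replacing the live file after the backup was written, so treat it as a lead to confirm with an antimalware scan.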
Analysis by Tim Liu & Scott Molenkamp
Last update 12 November 2010