TrojanDropper:Win32/Fainli.A
First posted on 18 June 2010.
Source: SecurityHome
Aliases :
TrojanDropper:Win32/Fainli.A is also known as TR/Drop.Fainli.A.13 (Avira), Trojan-Dropper.Win32.Fainli (Ikarus).
Explanation :
TrojanDropper:Win32/Fainli.A is a trojan that drops several pieces of malware on the computer.
Payload

Drops other malware

TrojanDropper:Win32/Fainli.A drops the following file:

%windir%\temp\11.tmp - detected as Trojan:WinNT/Alureon.H

It also modifies the following registry entry to register and load the above malware as a service:

Sets value: "ImagePath"
With data: "%windir%\temp\11.tmp"
To subkey: HKLM\System\CurrentControlSet\Services\<random generated service name>

It also drops and executes the following malware using random file names in the default Windows temporary file folder:

Trojan:Win32/FakeSpypro
Trojan:Win32/Alureon.CT

An example file name for the dropped malware is "581f1fee.exe".
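Because the service name is random, the registration described above is easier to find by its ImagePath than by its name. The following is an added example, not part of the original entry: it lists every service whose ImagePath resolves into %windir%\temp, which generalizes beyond the single file 11.tmp. The function names Resolve-ServiceImagePath and Find-TempDirService are hypothetical.

```powershell
# Added example (not from the original entry): flag services whose ImagePath
# resolves into %windir%\temp, where this entry says 11.tmp is registered.

function Resolve-ServiceImagePath {
    param([Parameter(Mandatory)][string]$ImagePath)

    # Drop a leading quote and the NT object-manager prefix (\??\).
    $p = $ImagePath.Trim().TrimStart('"') -replace '^\\\?\?\\', ''
    # Expand %windir%-style variables in case the value is stored unexpanded.
    $p = [Environment]::ExpandEnvironmentVariables($p)
    # Driver paths are often written as \SystemRoot\... or relative to %windir%.
    $p = $p -replace '^\\?SystemRoot\\', ''
    if ($p -notmatch '^[A-Za-z]:\\' -and $p -notmatch '^\\\\') {
        $p = $env:windir.TrimEnd('\') + '\' + $p
    }
    return $p
}

function Find-TempDirService {
    $tempDir = $env:windir.TrimEnd('\') + '\Temp\'
    $root    = 'HKLM:\SYSTEM\CurrentControlSet\Services'

    Get-ChildItem -Path $root -ErrorAction SilentlyContinue | ForEach-Object {
        $raw = (Get-ItemProperty -LiteralPath $_.PSPath -Name ImagePath `
                    -ErrorAction SilentlyContinue).ImagePath
        if ([string]::IsNullOrWhiteSpace($raw)) { return }   # key has no ImagePath

        $resolved = Resolve-ServiceImagePath -ImagePath $raw
        # Case-insensitive prefix match; trailing arguments do not affect it.
        if ($resolved.StartsWith($tempDir, [StringComparison]::OrdinalIgnoreCase)) {
            [pscustomobject]@{
                Service   = $_.PSChildName
                ImagePath = $raw
                Resolved  = $resolved
            }
        }
    }
}

Find-TempDirService | Format-List
```

Services do not normally load their binaries from a temporary directory, so any result deserves review.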
Analysis by Marianne Mallen
Last update 18 June 2010