Trojan:Win32/Alureon.FJ
First posted on 28 September 2011.
Source: SecurityHome
Aliases :
There are no other names known for Trojan:Win32/Alureon.FJ.
Explanation :
Trojan:Win32/Alureon.FJ is a trojan that drops a malicious driver, detected as Trojan:WinNT/Alureon.Z, in the affected computer.
Installation
Trojan:Win32/Alureon.FJ drops a copy of itself in the Temporary Files folder with the following file name format:
- %windir%\Temp\<randomly generated character>.tmp - for example, "7.tmp"
It registers itself as a service by adding the following subkey and associated entries:
In subkey: HKLM\system\currentcontrolset\services\<service name>
Sets value: "ImagePath"
With data: "%windir%\Temp\<randomly generated character>.tmp"
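A triage check for the service registration described above, as an added example that is not part of the original entry: it parses the output of `reg query HKLM\SYSTEM\CurrentControlSet\Services /s /v ImagePath` and lists services whose image is a .tmp file in the Windows Temp folder. It goes beyond the single-character file names the entry gives and flags any .tmp name there; the sample output and the examplesvc* service names are constructed, and Windows is assumed to be installed in a `\Windows` directory.

```python
import re

# Prefixes that resolve to the Windows directory in a service ImagePath.
# Assumption: Windows is installed in <drive>:\Windows.
_WINDIR = r'(?:%windir%|%systemroot%|\\systemroot|(?:\\\?\?\\)?[a-z]:\\windows)'
# A file named *.tmp directly inside <windir>\Temp, optionally quoted.
_TMP_IMAGE = re.compile(r'^"?' + _WINDIR + r'\\temp\\[^\\"]+\.tmp(?=["\s]|$)', re.I)
# Value line as printed by reg query: name, type, data.
_VALUE = re.compile(r'^\s+ImagePath\s+REG_\w+\s+(.*)$', re.I)

def find_tmp_services(reg_query_output):
    """Return (service, ImagePath) pairs whose image is a .tmp file in the Windows Temp folder."""
    hits, service = [], None
    for line in reg_query_output.splitlines():
        if line.upper().startswith("HKEY_"):
            # Key line: the last path component is the service name.
            service = line.rstrip().rsplit("\\", 1)[-1]
            continue
        m = _VALUE.match(line)
        if m and service:
            image = m.group(1).strip()
            if _TMP_IMAGE.match(image):
                hits.append((service, image))
    return hits

# Constructed sample output; the examplesvc* names are made up.
SAMPLE = r"""
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Spooler
    ImagePath    REG_EXPAND_SZ    %SystemRoot%\System32\spoolsv.exe

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\examplesvc1
    ImagePath    REG_EXPAND_SZ    %windir%\Temp\7.tmp

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\examplesvc2
    ImagePath    REG_EXPAND_SZ    \??\C:\WINDOWS\Temp\a.tmp

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\examplesvc3
    ImagePath    REG_EXPAND_SZ    "C:\Program Files\Example\svc.exe" -k Temp\x.tmp
"""

if __name__ == "__main__":
    for name, image in find_tmp_services(SAMPLE):
        print(f"{name}: {image}")
```

A hit is a lead for review rather than a verdict: confirm the file on disk and its detection name before acting on it.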
Payload
Drops other malware
Trojan:Win32/Alureon.FJ drops a driver, for example "%windir%\Temp\a.tmp". The driver, which is detected as Trojan:WinNT/Alureon.Z, is injected into the "spooler" service. Trojan:Win32/Alureon.FJ can then manually restart this service so that its dropped driver also runs.
Analysis by Marianne Mallen
Last update 28 September 2011