Largest Directoty of Internet Security Software

Internet Security Threats


>> Threats >> Trojan-Downloader.Win32.Small.ddp

Home

Software

Threats

Security
News

Trojan-Downloader.Win32.Small.ddp

RISK LEVEL:2

This Trojan downloads other malicious programs. It is a Windows PE EXE file.It is written in Microsoft Visual C++. It is not packed in any way. The sizeof infected files may vary from 20KB to 27KB.

Once launched, the Trojan extracts a file from itself, and saves it to theC:\Windows directory as "inetloader.dll".

This file will then be registered in the system using regsrv32.exe. It willdownload the following file from the Internet: http://soft.*****incash.com/loader/run.xml. This file contains links to other files, and the paths used to savethem. The Trojan then downloads files from the links given.

At the moment of writing, the “run.xml” file contained links tothe following files:

http://soft.*****incash.com/contextual/ticads.exe — this file will be detected by Kaspersky Anti-Virus as Trojan-Downloader.Win32.Small.ddp;
http://soft.*****incash.com/popups/tpopup.exe — this file will be detected by Kaspersky Anti-Virus as not-a-virus:AdWare.Win32.Trustin.a;
http://soft.*****incash.com/se/tse.exe — this file will be detected by Kaspersky Anti-Virus as Trojan-Downloader.Win32.Small.ddp;
http://soft.*****incash.com/tcleaner/tctool.exe — this file will be detected by Kaspersky Anti-Virus as Trojan-Downloader.Win32.WarSpy.d;
http://soft.*****incash.com/toolbar/trustinbar.exe — this file will be detected by Kaspersky Anti-Virus as not-a-virus:AdWare.Win32.Azesearch.h;
http://soft.*****incash.com/url/url.exe — this file will be detected by Kaspersky Anti-Virus as Trojan-Downloader.Win32.Small.ddp.

The downloaded files are saved to the Windows root directory:

%windir%\ticads.exe%windir%\tpopup.exe%windir%\tse.exe%windir%\tctool.exe%windir%\trusnibar.exe%windir%\url.exe

If your computer does not have an up-to-date antivirus, or does not have anantivirus solution at all, follow the instructions below to delete the maliciousprogram:

Delete the original Trojan file (the location will depend onhow the program originally penetrated the victim machine).
Delete the following file:
```
C:\Windows\inetloader.dll
```

Delete the following files:

%windir%\ticads.exe%windir%\tpopup.exe%windir%\tse.exe%windir%\tctool.exe%windir%\trusnibar.exe%windir%\url.exe

Update your antivirus databases and perform a full scan of thecomputer (download a trial version of Kaspersky Anti-Virus).

Printed From:http://www.viruslist.com/en/viruses/encyclopedia?virusid=126390

Similar Virus/Threat >>

Trojan-Downloader.Win32.QDown.b

This Trojan downloads other malicious programs from the Internet and launchesthem on the victim machine. The program itself is a Windows PE EXE file. Itis 43008 bytes in size. It is not packed in...

Trojan-Downloader.Win32.Nurech.at

This Trojan downloads files via the Internet without the knowledge or consentof the user. It is a Windows PE EXE file. The file is approximately 28KB insize. It is packed using UPX. The unpacked...

Trojan-Downloader.Win32.Small.jk

This Trojan downloads other programs via the Internet without the knowledgeor consent of the user and launches them on the victim machine. The programitself is a Windows PE EXE file. It is 36,352...

Trojan-Downloader.Win32.IstBar.ah

This Trojan downloads files from the Internet to the victim machine and launchesthem for execution. The Trojan itself is a Windows PE EXE file. It is 16 896bytes in size, and packed using UPX. The...

Trojan-Downloader.Win32.IstBar.bo

This Trojan downloads other programs via the Internet and launches them on thevictim machine without the user’s knowledge or consent. The program itselfis a Windows PE EXE file. It is 8,704...

Trojan-Downloader.Win32.Small.eqn

Trojan-Downloader.Win32.Bagle.cu