Thirtyseven4 Antivirus | AntiMalware | AntiRootkit | AntiSpyware

TROJAN.VUNDO.GEN


Name: Trojan.Vundo.gen
Descr. Added: February 19, 2013
Type: Trojan
Risk: Low
Payload: N/A
At risk systems: Windows 95/98/ME/XP/NT/2003


Description:


Trojan Vundo is part of a malware family that spreads as a polymorphic DLL file (one that changes its own code with each mutation) and installs itself as a Browser Helper Object (BHO) without the user's consent. Once installed as a BHO, it redirects websites the user enters into Google (and other search engines) to websites of its own choice.

When Trojan.Vundo.gen is executed, it performs the following activities:

It drops files on to the system at the following location:

%WinDir%\System32\[random].dll (e.g., C:\Windows\system32\KBDSW095.dll)

Job (.job) files are also created in the %WinDir%\tasks folder, allowing the dropped DLL to execute at each restart.

Some examples include:

C:\Windows\system32\rundll32.exe "C:\Windows\system32\KBDSW095.dll",UAOUDSE

C:\WINDOWS\system32\rundll32.exe "C:\WINDOWS\system32\d3d95.dll",Gdhxtfygzd

It creates/modifies the following registry entries:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Random Name: "%WinDir%\system32\rundll32.exe %WinDir%\system32\[dropped DLL name].dll,[random character exported function]"
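As an added, defender-side example (not Thirtyseven4's own code and not part of this description), the following Python script parses autostart command lines of the shape quoted above, whether taken from Run-key values or from .job files, and flags those that launch rundll32.exe with a DLL located directly in the system32 folder through an export name that is not on an operator-maintained allowlist. The Run value names, the .job file name, the benign updater entry and the allowlisted NvCpl.dll,NvStartup entry are constructed for the demo; the two rundll32 command lines are the ones quoted in the description.

```python
import re
from typing import Dict, FrozenSet, List, NamedTuple, Optional


class Rundll32Launch(NamedTuple):
    exe: str      # path of rundll32.exe as written in the entry
    dll: str      # path of the DLL handed to rundll32
    export: str   # exported function name after the comma


# rundll32 invocation shapes seen in the description: DLL path quoted or bare,
# followed by ",<ExportName>". The exe path may be quoted as well.
RUNDLL32_RE = re.compile(
    r'^\s*"?(?P<exe>[^"]*?rundll32\.exe)"?\s+"?(?P<dll>[^",]+?\.dll)"?\s*,\s*(?P<export>[A-Za-z0-9_@#]+)\s*$',
    re.IGNORECASE,
)

# A DLL sitting directly in the Windows system32 directory, whether the path is
# spelled with an environment variable or with a drive letter.
SYSTEM32_DLL_RE = re.compile(
    r'(%windir%|%systemroot%|[a-z]:\\windows)\\system32\\[^\\]+\.dll$',
    re.IGNORECASE,
)


def parse_rundll32(command: str) -> Optional[Rundll32Launch]:
    """Split a Run-key value or .job command line into exe, DLL and export."""
    m = RUNDLL32_RE.match(command)
    if m is None:
        return None
    return Rundll32Launch(m['exe'], m['dll'], m['export'])


def is_suspicious_launch(command: str, allowlist: FrozenSet[str] = frozenset()) -> bool:
    """True when rundll32 loads a system32 DLL via an export not on the allowlist.

    allowlist entries are "dllname.dll,export" pairs in lower case, maintained by the
    operator for the rundll32 autostarts that are expected on the fleet (assumed format).
    """
    launch = parse_rundll32(command)
    if launch is None or not SYSTEM32_DLL_RE.search(launch.dll):
        return False
    dll_name = launch.dll.replace('/', '\\').rsplit('\\', 1)[-1].lower()
    return f'{dll_name},{launch.export.lower()}' not in allowlist


def scan_autostarts(entries: Dict[str, str], allowlist: FrozenSet[str] = frozenset()) -> List[str]:
    """Return the labels (Run value names, .job paths) whose command line is suspicious."""
    return [label for label, cmd in entries.items() if is_suspicious_launch(cmd, allowlist)]


# Constructed sample: the two command lines quoted in the description, one benign
# rundll32 autostart that the operator has allowlisted, and one non-rundll32 entry.
SAMPLE_ENTRIES = {
    r'HKLM\Software\Microsoft\Windows\CurrentVersion\Run\xkhqwz':
        r'C:\Windows\system32\rundll32.exe "C:\Windows\system32\KBDSW095.dll",UAOUDSE',
    r'%WinDir%\Tasks\At1.job':
        r'C:\WINDOWS\system32\rundll32.exe "C:\WINDOWS\system32\d3d95.dll",Gdhxtfygzd',
    r'HKLM\Software\Microsoft\Windows\CurrentVersion\Run\NvCplDaemon':
        r'RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup',
    r'HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Updater':
        r'"C:\Program Files\Updater\updater.exe" /background',
}
SAMPLE_ALLOWLIST = frozenset({'nvcpl.dll,nvstartup'})

if __name__ == '__main__':
    for hit in scan_autostarts(SAMPLE_ENTRIES, SAMPLE_ALLOWLIST):
        print('suspicious rundll32 autostart:', hit, '->', SAMPLE_ENTRIES[hit])
```

On a live host the entries dictionary would be filled from the Run key and from the command field of each .job file; the check deliberately keys on structure (rundll32, a system32 DLL, an export name) rather than on the specific file names in this description, since the DLL name and export are randomised per infection.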