Hacker Forums

TROJ_DLOADER.VIN


by The Uni-Hacker on Aug.26, 2008, under Misc

This Trojan may be downloaded from a remote site. It may also be downloaded unknowingly by a user when visiting malicious Web sites.

Upon execution, this Trojan drops several component files, some of which Trend Micro detects as BKDR_SMALL.EKS, and then executes them, so the malicious routines of the dropped files run on the affected system. It then registers itself as a system service so that it runs automatically at every system startup.

It adds a reference to a non-existent file to the Layered Service Provider (LSP) chain by modifying a registry entry. It deletes itself after execution.

It connects to URLs to download malicious files detected by Trend Micro as follows:

  • TROJ_PROSCKS.AG
  • TROJ_PROSCKS.AF
  • TROJ_GAMETHIE.EU
  • TROJ_DLOADER.AAAG
  • TROJ_PROSCKS.AC
  • DIAL_CBHQ
  • TSPY_ONLINEG.RMH
  • TSPY_GAMPASS.EU

It saves the downloaded files in the Windows system folder and then executes them, so the malicious routines of the downloaded files also run on the affected system.
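To check a machine for the LSP change described above, the following added example (not from this post or from Trend Micro) lists Winsock catalog entries whose provider DLL is not on disk. It assumes the standard Winsock catalog key and that each `PackedCatalogItem` value begins with a NUL-padded 260-byte ANSI path; the sample entries and `example_missing.dll` are constructed for illustration.

```python
import os
import re

# Standard Winsock catalog location on Windows (assumption: not named on the page).
CATALOG_KEY = r"SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries"
MAX_PATH = 260  # assumption: PackedCatalogItem starts with a NUL-padded ANSI path this long

def provider_path(packed_item, env):
    """Extract the provider DLL path from a PackedCatalogItem blob and expand %VARS%."""
    raw = packed_item[:MAX_PATH].split(b"\x00", 1)[0].decode("latin-1")
    return re.sub(r"%([^%]+)%", lambda m: env.get(m.group(1).upper(), m.group(0)), raw)

def find_dangling(entries, env, exists=os.path.isfile):
    """Return (entry_name, path) for each catalog entry whose DLL is empty or missing."""
    hits = []
    for name, blob in sorted(entries.items()):
        path = provider_path(blob, env)
        if not path or not exists(path):
            hits.append((name, path))
    return hits

def read_live_catalog():
    """Read {entry_name: PackedCatalogItem} from the local registry (Windows only)."""
    import winreg
    entries = {}
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, CATALOG_KEY) as key:
        for i in range(winreg.QueryInfoKey(key)[0]):
            name = winreg.EnumKey(key, i)
            with winreg.OpenKey(key, name) as sub:
                entries[name] = winreg.QueryValueEx(sub, "PackedCatalogItem")[0]
    return entries

def _blob(path):
    """Build a constructed PackedCatalogItem: padded path plus dummy trailing bytes."""
    return path.encode("latin-1").ljust(MAX_PATH, b"\x00") + b"\x00" * 16

# Constructed sample data: one healthy entry, one pointing at a file that is not on disk.
SAMPLE_ENV = {"SYSTEMROOT": r"C:\Windows"}
SAMPLE_FILES = {r"C:\Windows\system32\mswsock.dll"}
SAMPLE_ENTRIES = {
    "000000000001": _blob(r"%SystemRoot%\system32\mswsock.dll"),
    "000000000002": _blob(r"%SystemRoot%\system32\example_missing.dll"),
}

if __name__ == "__main__":
    for name, path in find_dangling(SAMPLE_ENTRIES, SAMPLE_ENV, SAMPLE_FILES.__contains__):
        print(f"dangling LSP entry {name}: {path}")
```

On a live Windows host, call `find_dangling(read_live_catalog(), {k.upper(): v for k, v in os.environ.items()})` to run the same check against the real catalog.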
