Threat Information for "Trojan.DownLoader.6909"

Removal

StopSign will automatically remove this infection with a paid membership.

Summary
  • Name: Trojan.DownLoader.6909
  • Aliases: TR/Vixup.W, Win32:Small-BEN, Downloader.Small.DD, Trojan.Vixup.W, TrojanDownloader.Small.crc, Win32/Vxidl!generic
  • Date Discovered: 2006-08-18
  • Protection Added: 2006-08-23
Description
-- Ease of Removal

1: Creates new registry entries with consistent data
2: Consistently named
3: Consistent file contents
4: Uses running processes

-- Privacy Risks/Security Changes

1: Transmits personal data to remote computers
2: Downloads other threats

-- Damage/Intrusion/Annoyance

1: Creates third-party icons on desktop [SPYWARE ONLY]
2: Downloads other threats

-- Propagation/Saturation

1: Spreads through Peer-2-Peer software [VIRUS ONLY]
2: Significantly slows down the computer
3: Mimics legitimate file names
4: Creates new files
Technical Details
  • Added Directory/File:
    FilePath: %USERAPPDATA%\Microsoft\Internet Explorer\Quick Launch\W1inMoviePlugin.lnk
  • Added Directory/File:
    FilePath: %USERFAVORITES%\WinMoviePlugin.lnk
  • Added Directory/File:
    FilePath: %USERDESKTOP%\sysmon.exe
  • Added Directory/File:
    FilePath: %USERPERSONAL%\W1inMoviePlugin.lnk
  • Added Directory/File:
    FilePath: %USERAPPDATA%\Microsoft\Internet Explorer\Quick Launch\e1xplorer.lnk
  • Added Directory/File:
    FilePath: %SYSTEMDIR%\WinMoviePlugin.lnk
  • Added Directory/File:
    FilePath: %COMMONAPPDATA%\ratorefaci\sysrtmvs.exe
  • Added Directory/File:
    FilePath: %USERDESKTOP%\e1xplorer.lnk
  • Added Directory/File:
    FilePath: %USERDESKTOP%\W1inMoviePlugin.lnk
  • Added Directory/File:
    FilePath: %USERSTARTMENU%\e1xplorer.lnk
  • Added Directory/File:
    FilePath: %USERAPPDATA%\ratorefaci
  • Added Directory/File:
    FilePath: %COMMONAPPDATA%\Microsoft\Internet Explorer\Quick Launch\W1inMoviePlugin.lnk
  • Added Directory/File:
    FilePath: %USERPROGRAMS%\WinMoviePlugin.lnk
  • Added Directory/File:
    FilePath: %USERFAVORITES%\e1xplorer.lnk
  • Added Directory/File:
    FilePath: %USERAPPDATA%\ratorefaci\disinstalla.htm
  • Added Directory/File:
    FilePath: %COMMONAPPDATA%\Microsoft\Internet Explorer\Quick Launch\e1xplorer.lnk
  • Added Directory/File:
    FilePath: %USERPERSONAL%\WinMoviePlugin.lnk
  • Added Directory/File:
    FilePath: %SYSTEMDIR%\sysfind.exe
  • Added Directory/File:
    FilePath: %USERSTARTMENU%\W1inMoviePlugin.lnk
  • Added Directory/File:
    FilePath: %USERAPPDATA%\Microsoft\Internet Explorer\Quick Launch\WinMoviePlugin.lnk
  • Added Directory/File:
    FilePath: %USERDESKTOP%\WinMoviePlugin.lnk
  • Added Directory/File:
    FilePath: %COMMONAPPDATA%\ratorefaci
  • Added Directory/File:
    FilePath: %SYSTEMDIR%\sysmon.exe
  • Added Directory/File:
    FilePath: %USERFAVORITES%\W1inMoviePlugin.lnk
  • Added Directory/File:
    FilePath: %USERPROGRAMS%\e1xplorer.lnk
  • Added Directory/File:
    FilePath: %COMMONAPPDATA%\ratorefaci\disinstalla.htm
  • Added Directory/File:
    FilePath: %SYSTEMDIR%\e1xplorer.lnk
  • Added Directory/File:
    FilePath: %SYSTEMDIR%\W1inMoviePlugin.lnk
  • Added Directory/File:
    FilePath: %USERPERSONAL%\e1xplorer.lnk
  • Added Directory/File:
    FilePath: %USERAPPDATA%\ratorefaci\sysrtmvs.exe
  • Added Directory/File:
    FilePath: %COMMONAPPDATA%\Microsoft\Internet Explorer\Quick Launch\WinMoviePlugin.lnk
  • Added Directory/File:
    FilePath: %USERSTARTMENU%\WinMoviePlugin.lnk
  • Added Directory/File:
    FilePath: %USERDESKTOP%\sysfind.exe
  • Added Directory/File:
    FilePath: %USERPROGRAMS%\W1inMoviePlugin.lnk
  • Added Registry Key:
    Key: HKCU\%CURRENTVERSIONREG%\Internet Settings\ZoneMap\Domains\1987324.com
  • Added Registry Key:
    Key: HKU\S-*\%CURRENTVERSIONREG%\Internet Settings\ZoneMap\Domains\xxx-content.name
  • Added Registry Key:
    Key: HKU\S-*\%CURRENTVERSIONREG%\Internet Settings\ZoneMap\Domains\adslconnection.name
  • Added Registry Key:
    Key: HKCU\%CURRENTVERSIONREG%\Internet Settings\ZoneMap\Domains\xxx-content.name
  • Added Registry Key:
    Key: HKCU\%CURRENTVERSIONREG%\Internet Settings\ZoneMap\Domains\adslconnection.name
  • Added Registry Key:
    Key: HKU\S-*\%CURRENTVERSIONREG%\Internet Settings\ZoneMap\Domains\softlab.name
  • Added Registry Key:
    Key: HKU\S-*\%CURRENTVERSIONREG%\Internet Settings\ZoneMap\Domains\1987324.com
  • Added Registry Key:
    Key: HKCU\%CURRENTVERSIONREG%\Internet Settings\ZoneMap\Domains\softlab.name
  • Added Registry Data:
    Key: HKLM\%CURRENTVERSIONREG%\Run Value: [RANDOM VALUE] Data: sysmon.exe
  • Added Registry Data:
    Key: HKLM\%CURRENTVERSIONREG%\Run Value: [RANDOM VALUE] Data: ratorefaci