Threat Information for "Trojan.DownLoader.970"

Removal

StopSign will automatically remove this infection with a paid membership.

Summary
  • Name: Trojan.DownLoader.970
  • Aliases: TR/Dldr.Small.VN, W32/Downloader.EMQ, Win32:Trojan-gen. {UPX!}, Downloader.Small.13.X, Trojan.Downloader.Delf.CB, Trojan.Downloader.Small-234
  • Date Discovered: 2006-08-30
  • Protection Added: 2006-08-31
Description
-- Ease of Removal

1: Uses running processes
2: Consistent file contents
3: Consistently named
4: Creates new registry entries with consistent data

-- Privacy Risks/Security Changes

1: Mimics legitimate file names

-- Damage/Intrusion/Annoyance

1: Deletes application files
2: Downloads other threats
3: Creates new files
4: Significantly slows down the computer
5: Autoruns at startup without an option to be disabled

-- Propagation/Saturation

1: Infects by Active-X Control
Technical Details
  • Added Directory/File:
    FilePath: %SYSTEMDIR%\?.dat
  • Added Directory/File:
    FilePath: %USERDIR%\telnet.exe
  • Added Directory/File:
    FilePath: %SYSTEMDIR%\lpt.exe
  • Added Directory/File:
    FilePath: %USERDIR%\cc.c
  • Added Directory/File:
    FilePath: %SYSTEMDIR%\intron.exe
  • Added Directory/File:
    FilePath: %ROOTDRIVE%uu.u
  • Added Directory/File:
    FilePath: %USERDESKTOP%\uu.u
  • Added Directory/File:
    FilePath: %ROOTDRIVE%?.dat
  • Added Directory/File:
    FilePath: %SYSTEMDIR%\cc.c
  • Added Directory/File:
    FilePath: %USERDESKTOP%\?.dat
  • Added Directory/File:
    FilePath: %SYSTEMDIR%\twink64.exe
  • Added Directory/File:
    FilePath: %USERDIR%\uu.u
  • Added Directory/File:
    FilePath: %SYSTEMDIR%\ir.exe
  • Added Directory/File:
    FilePath: %USERDIR%\?.dat
  • Added Directory/File:
    FilePath: %USERDESKTOP%\telnet.exe
  • Added Directory/File:
    FilePath: %ROOTDRIVE%cc.c
  • Added Directory/File:
    FilePath: %SYSTEMDIR%\uu.u
  • Added Directory/File:
    FilePath: %USERDESKTOP%\cc.c
  • Added Registry Data:
    Key: HKLM\%CURRENTVERSIONREG%\Run Value: [RANDOM VALUE] Data: twink64.exe