General discussion


Date Discovered: 3/5/2004
Date Added: 3/23/2004
Origin: Unknown
Length: 7680
Type: Trojan
SubType: Downloader

Virus Characteristics

When executed on the victim machine, this downloader trojan attempts to download files.
The trojan is UPX packed.

When run, the trojan attempts to disable security software. It targets processes that use the following names:
- update.exe
- explorer.exe
- winlogon.exe
- system.exe
- taskman.exe
- taskmon.exe
- svchost.exe
- services.exe
- wupdmgr.exe
- winspool.exe
- webcheck.exe
- wininet.exe

It copies itself to the WINDOWS + "SYSTEM" directory and creates a registry run key to load itself at system startup:
"System Update" = c:\Windows\System\%Trojan File Name%


Discussion is locked
Reply to: Downloader-HZ
PLEASE NOTE: Do not post advertisements, offensive materials, profanity, or personal attacks. Please remember to be considerate of other members. If you are new to the CNET Forums, please read our CNET Forums FAQ. All submitted content is subject to our Terms of Use.
Reporting: Downloader-HZ
This post has been flagged and will be reviewed by our staff. Thank you for helping us maintain CNET's great community.
Sorry, there was a problem flagging this post. Please try again now or at a later time.
If you believe this post is offensive or violates the CNET Forums' Usage policies, you can report it below (this will not automatically remove the post). Once reported, our moderators will be notified and the post will be reviewed.

CNET Forums