Mendware (downloader trojan)

Feb 3, 2004 2:45PM PST

Virus Information
Name: Mendware
Risk Assessment
- Home Users: Low
- Corporate Users: Low
Date Discovered: 1/12/2004
Date Added: 2/3/2004
Origin: Unknown
Length: Varies
Type: Trojan

This downloader trojan periodically connects to a remote site to retrieve configuration information. This information is used by the trojan to download and install other programs at the choosing of the user(s) in control of the remote site.

When run, the trojan copies itself to the %Application Data% directory with a random filename, such as:

c:\Documents and Settings\Administrator\Application Data\walm.exe

A registry run key may get created to load the trojan at system startup (this was not observed during testing):

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run Mendware App = %trojan path%

Other marker keys are created under:

HKEY_CURRENT_USER\Software\Rota

http://us.mcafee.com/virusInfo/default.asp?id=description&virus_k=100994
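
A read-only PowerShell check for the indicators listed in the advisory above, added here as an example and not part of the original post or the vendor write-up. It assumes `$env:APPDATA` corresponds to %Application Data%, reads the Run entry as a value named `Mendware App`, and covers only the user it runs as; an .exe in the Application Data root is a lead to review rather than proof, since the filename is random.

```powershell
# Added example: look for the Mendware indicators from the advisory.
# Read-only: nothing is modified or deleted.
$runPath    = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run'
$markerPath = 'HKCU:\Software\Rota'
$appData    = $env:APPDATA   # assumption: same location as %Application Data%
$findings   = @()

# 1. Run key: the value named in the advisory, plus any other value whose
#    command line points into Application Data (the advisory notes the Run
#    entry was not always created, so absence here proves nothing).
$runKey = Get-Item -Path $runPath -ErrorAction SilentlyContinue
if ($runKey) {
    foreach ($name in $runKey.GetValueNames()) {
        $data = [string]$runKey.GetValue($name)
        if ($name -eq 'Mendware App') {
            $findings += [pscustomobject]@{
                Indicator = 'Run value named in advisory'; Detail = "$name = $data" }
        }
        elseif ($appData -and $data.ToLower().Contains($appData.ToLower())) {
            $findings += [pscustomobject]@{
                Indicator = 'Run value launching from Application Data'; Detail = "$name = $data" }
        }
    }
}

# 2. Marker key created by the trojan under the current user's hive.
if (Test-Path -Path $markerPath) {
    $findings += [pscustomobject]@{ Indicator = 'Marker key present'; Detail = $markerPath }
}

# 3. Executables sitting directly in the Application Data root. The dropped
#    copy has a random name, so every hit needs manual review.
if ($appData) {
    foreach ($file in Get-ChildItem -Path $appData -Filter '*.exe' -File -ErrorAction SilentlyContinue) {
        $findings += [pscustomobject]@{
            Indicator = 'EXE in Application Data root (review)'; Detail = $file.FullName }
    }
}

if ($findings) {
    $findings | Format-Table -AutoSize -Wrap
} else {
    'No Mendware indicators found for this user.'
}
```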