MultiDropper-GP.dr

Feb 17, 2004 12:56PM PST

Date Discovered: 2/9/2004
Date Added: 2/17/2004
Origin: Unknown
Length: 19,295 bytes, 12,797 bytes
Type: Trojan

Virus Characteristics

This trojan simply installs other trojans. It was being installed via an Internet Explorer exploit. Unsuspecting users who navigated to a specified website using a vulnerable web browser would become infected.

At the time of this writing the website in question is no longer responding.

Upon visiting the infectious web page, the Exploit-MhtRedir trojan would download and access a Microsoft Compiled Help file (CHM.CHM). Within this CHM file exists an HTML document LAUNCH.HTML, which contains the Exploit-CodeBase trojan to run the file MSTASK.EXE, which is the MultiDropper-GP.a trojan.



Indications of Infection

Presence of the following files:

%WinDir%\msto32.dll (3,072 bytes) - KeyHook.dll application
%WinDir%\svchost.exe (12,288 bytes) - Spy-Tofger trojan
%WinDir%\sysini.ini
%WinDir%\Downloaded Program Files\mstasks.exe (25,852 bytes) - MultiDropper-GP.a trojan
%SysDir%\mstu.exe (6,656 bytes) - ProcKill-BM trojan
%SysDir%\wingua.exe (4,608 bytes) - MultiDropper-GP.b trojan
Where %WinDir% is the Windows directory (c:\windows, c:\winnt, etc.) and %SysDir% is the System directory (c:\windows\system32, c:\windows\system, etc.)



Method of Infection

This trojan is installed via an Internet Explorer vulnerability when visiting an infectious website.


http://us.mcafee.com/virusInfo/default.asp?id=description&virus_k=101031
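
An added example, not part of the original post or of the McAfee description: a Python check for the files listed under Indications of Infection that also compares each file's size with the size given in the post. The function names, status strings and zero-filled sample files are constructed for illustration.

```python
import os
import tempfile

# Indicators copied from the post: (base dir, relative path, size in bytes, label).
# sysini.ini is listed without a size or label, so its size is None.
INDICATORS = [
    ("windir", "msto32.dll", 3072, "KeyHook.dll application"),
    ("windir", "svchost.exe", 12288, "Spy-Tofger trojan"),
    ("windir", "sysini.ini", None, "(no size or label listed)"),
    ("windir", os.path.join("Downloaded Program Files", "mstasks.exe"), 25852, "MultiDropper-GP.a trojan"),
    ("sysdir", "mstu.exe", 6656, "ProcKill-BM trojan"),
    ("sysdir", "wingua.exe", 4608, "MultiDropper-GP.b trojan"),
]

def check_indicators(windir, sysdir):
    """Return (path, label, status) for each listed file that exists on disk."""
    roots = {"windir": windir, "sysdir": sysdir}
    hits = []
    for base, rel, size, label in INDICATORS:
        path = os.path.join(roots[base], rel)
        if not os.path.isfile(path):
            continue
        if size is None:
            status = "present"        # nothing to compare against
        elif os.path.getsize(path) == size:
            status = "size-match"     # same name, location and size as the post
        else:
            status = "size-differs"   # same name and location only: inspect by hand
        hits.append((path, label, status))
    return hits

def demo():
    """Run the check against a constructed directory tree (no real malware)."""
    with tempfile.TemporaryDirectory() as root:
        windir = os.path.join(root, "windows")
        sysdir = os.path.join(windir, "system32")
        os.makedirs(sysdir)
        # Constructed sample files, zero-filled.
        for name, size in (("svchost.exe", 12288), ("msto32.dll", 100)):
            with open(os.path.join(windir, name), "wb") as f:
                f.write(b"\0" * size)
        # The genuine svchost.exe lives in the System directory and must not be reported.
        with open(os.path.join(sysdir, "svchost.exe"), "wb") as f:
            f.write(b"\0" * 20000)
        return [(os.path.basename(p), s) for p, _, s in check_indicators(windir, sysdir)]

if __name__ == "__main__":
    print(demo())
```

On a live Windows host, pass the real Windows and System directories to `check_indicators`; a `size-differs` result means only the name and location match the post.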
