|
|
|
|
| Virus Encyclopedia |  |
Riskware | |
Alerts | |
Analysis | |
News | |
Glossary | |
Weblog |
 |
| ||||||
|
| ||||||
|
| ||||||
| ||||||||||
Home / Viruses / Virus Encyclopedia / Malware Descriptions / Trojan Programs / Trojan Downloaders
Trojan-Downloader.Win32.IstBar.genOther versions: .ah, .ay, .bo, .ij, .mx, .nj, .or
This is a generic detection for a family of Trojan downloaders. These malicious programs will download a range of other malicious programs from the Internet to the victim machine. Programs from this family may create the following registry values: [HKLM\SOFTWARE\DR_S] [HKCU\SOFTWARE\DR_S] [HKLM\SOFTWARE\Classes\drs.n\uID] [HKCU\SOFTWARE\Classes\drs.n\uID] All programs in this family have an identical way of getting URLs from where they will download additional malicious programs. Every 30 minutes a program from this family will download a file from, for instance, http://www.adzhooter.com/DR_S/gSD.html. This file contains addresses which direct the Trojan to other sites where it can download additional malicious programs: |5|20050406|
ts|http://www.adzhooter.com/DR_S/bp/as_8_new.exe|1|bs_8_new.exe|1.0|1| adsh|http://www.adzhooter.com/DR_S/bp/afita.exe|2|afita.exe|1.2|1| sfitb|http://www.adzhooter.com/DR_S/bp/SYSsfita.dll|3|SYSsfita.dll|1.0|2 sfitb|| ezu|http://www.adzhooter.com/DR_S/bp/wzStub.exe|3|wzStub.exe|1.0|1| sfisb|http://www.adzhooter.com/DR_S/bp/ReplaceSearch.dll|3|ReplaceSearch sfisb|.dll|1.0|2| | ||||||||||
Copyright © 1996 - 2010
Kaspersky Lab
Industry-leading Antivirus Software
All rights reserved
Email: webmaster@viruslist.com
