Virus: TR/Dldr.Orangbi
Type: Trojan
Subtype: Downloader
In the wild: No
Reported Infections: Low
Distribution Potential: Low
Damage Potential: Low to medium
Static file: Yes
File size: 5.498 Bytes
MD5 checksum: cf06c38fc9581114f8081666d3acdec4
VDF version: 6.33.01.49

General

Method of propagation:
   • No own spreading routine


Platforms / OS:
   • Windows 95
   • Windows 98
   • Windows 98 SE
   • Windows NT
   • Windows ME
   • Windows 2000
   • Windows XP
   • Windows 2003


Side effects:
   • Downloads a file
   • Registry modification

Files

It copies itself to the following location:
   • C:\brl\lsass.exe




It tries to download a file:

The location is the following:
   • http://www.net4free.org/Games/orangbiasa/**********

It is saved on the local hard drive under: C:\brl\lsass.exe

Furthermore, this file is executed after it has been fully downloaded. At the time of writing, this file was not online for further investigation.

Registry

The following registry key is changed:

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
   Old value:
   • Shell = Explorer.exe
   New value:
   • Shell = Explorer.exe "C:\brl\lsass.exe"
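
A check for this kind of Winlogon Shell change, as an added example that is not part of the original description or Avira's own code. It audits a Shell value string (for instance from a registry export) and also flags a system process name such as lsass.exe outside System32; the function names, the C:\Windows install path and the list of system process names are assumptions made for this example.

```python
import ntpath
import re

# Assumption: Windows is installed under C:\Windows.
TRUSTED_SHELLS = {"explorer.exe", r"c:\windows\explorer.exe",
                  r"%systemroot%\explorer.exe", r"%windir%\explorer.exe"}
SYSTEM_DIRS = {r"c:\windows\system32", r"%systemroot%\system32",
               r"%windir%\system32"}
# Core system process names that belong only in System32
# (a subset chosen for this example).
SYSTEM_ONLY_NAMES = {"lsass.exe", "csrss.exe", "winlogon.exe",
                     "services.exe", "smss.exe"}


def split_shell_value(value):
    """Split a Winlogon Shell string on spaces/commas, honouring double quotes."""
    return [t.strip('"') for t in re.findall(r'"[^"]*"|[^\s,]+', value)]


def audit_shell_value(value):
    """Return a list of findings for one Winlogon Shell value (empty = clean)."""
    findings = []
    tokens = split_shell_value(value)
    if not tokens or tokens[0].lower() not in TRUSTED_SHELLS:
        findings.append("shell program is not the default explorer.exe")
    for extra in tokens[1:]:
        # Anything after the shell itself is started at every logon.
        findings.append("extra entry after shell: " + extra)
    for tok in tokens:
        name = ntpath.basename(tok).lower()
        folder = ntpath.dirname(tok).lower()
        if name in SYSTEM_ONLY_NAMES and folder not in SYSTEM_DIRS:
            findings.append("system binary name outside System32: " + tok)
    return findings


# The old and new values listed in this description.
SAMPLES = [r'Explorer.exe', r'Explorer.exe "C:\brl\lsass.exe"']

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample, "->", audit_shell_value(sample) or "clean")
```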

File details

Programming language:
The malware program was written in Visual Basic.


Runtime packer:
To make detection more difficult and to reduce the size of the file, it is packed with the following runtime packer:
   • MEW

Description inserted by Andrei Gherman on Thursday, March 2, 2006
