Virus: TR/Drop.Filmweb.A.1
Date discovered: 06/08/2006
Type: Trojan
In the wild: No
Reported Infections: Low
Distribution Potential: Low
Damage Potential: Low to medium
Static file: Yes
File size: 160.955 Bytes
MD5 checksum: 51fb0ddd7918b6d85c40ae9e7081614c
VDF version: 6.34.01.200
IVDF version: 6.34.01.206

General

Method of propagation:
   • No own spreading routine


Platforms / OS:
   • Windows 95
   • Windows 98
   • Windows 98 SE
   • Windows NT
   • Windows ME
   • Windows 2000
   • Windows XP
   • Windows 2003


Side effects:
   • Drops a malicious file

Files

It creates the following directory:
   • %TEMPDIR%\nsh4B.tmp



The following files are created:

   • %TEMPDIR%\ehuupdate32.exe
     Further investigation showed that this file is malware, too. Detected as: TR/Drop.Filmweb.A.2
   • %TEMPDIR%\nsh4B.tmp\nsExec.dll
   • %TEMPDIR%\nsh4B.tmp\ns4C.tmp



It tries to execute the following file:

– Filename:
   • %TEMPDIR%\nsh4B.tmp\ns4C.tmp
using the following command line arguments: ehuupdate32.exe

Description inserted by Adriana Popa on Tuesday, August 15, 2006
Description updated by Adriana Popa on Wednesday, August 16, 2006
