Virus:TR/Dldr.FraudLoa.NC
Date discovered:01/08/2008
Type:Trojan
In the wild:Yes
Reported Infections:Medium
Distribution Potential:Low
Damage Potential:Low
Static file:No
IVDF version:7.00.05.203 - Friday, August 1, 2008

 General Method of propagation:
   • No own spreading routine


Aliases:
   •  Symantec: XPAntivirus
   •  Mcafee: FakeAlert-AQ trojan
   •  Kaspersky: not-a-virus:FraudTool.Win32.MalwareProtector.r
   •  F-Secure: not-a-virus:FraudTool.Win32.MalwareProtector.r
   •  Panda: Application/AntivirusXP2008
   •  Eset: Win32/TrojanDownloader.FakeAlert.FK trojan
   •  Bitdefender: Trojan.FakeAlert.AAP


Platforms / OS:
   • Windows 95
   • Windows 98
   • Windows 98 SE
   • Windows NT
   • Windows ME
   • Windows 2000
   • Windows XP
   • Windows 2003


Side effects:
   • Blocks access to certain websites
   • Drops a file

 Files The following file is created:

%TEMPDIR%\adpg.bat Furthermore it gets executed after it was fully created. This batch file is used to delete a file.

 Hosts – Access to the following domains are redirected to other destinations:
   • mac.com; nytimes.com; download.com; gamespot.com; partypoker.com;
      mediafire.com; geocities.com; megaupload.com; about.com;
      deviantart.com; yourfilehost.com; 56.com; apple.com; adobe.com;
      imagevenue.com; livejournal.com; mininova.com; redtube.com;
      craigslist.com; tinyurl.com; go.com; adultfriendfinder.com;
      skyrock.com; friendster.com; flickr.com; wordpress.com; youporn.com;
      imdb.com; amazon.com; photobucket.com; aol.com; hi5.com; ebay.com;
      rapidshare.com; orkut.com; blogger.com; facebook.com; wikipedia.org;
      microsoft.com; myspace.com; msn.com; live.com; yahoo.com; google.com


 File details Programming language:
 The malware program was written in MS Visual C++.

Description inserted by Thomas Wegele on Wednesday, August 27, 2008
Description updated by Thomas Wegele on Wednesday, August 27, 2008

Back . . . .