Alias: Trojan.Downloader.Small.AIQ, Trojan.DownLoader.1588
Type: Worm
Size: 4.608 bytes
Origin:
Date: 03-22-2005
Damage:
VDF Version: 6.30.00.42
Danger: Low
Distribution: Low
General Description
Affected Platforms:
* Windows 95
* Windows 98
* Windows ME
* Windows NT
* Windows 2000
* Windows XP
* Windows Server 2003
Symptoms
Damage Routine:
- Downloads files
- Terminates processes
Distribution
This trojan gets executed due to security issues in your web browser. To prevent this, it is recommended to increase the security level in your web browser settings, or to update it.
Technical Details
The trojan TR/Dldr.Small.air is a downloader program that retrieves other malware from the Internet using HTTP requests. When the trojan downloader is executed, the following files are created on the local computer:
- <%windir%>\mstasks1.exe
- <%windir%>\mstasks2.exe
- <%Windir%>\mstask3.exe
- <%Sysdir%>\paydial.exe
- <%Sysdir%>\systime.exe
- <%Sysdir%>\dktibs.exe
- <%Windir%>\toolbar.exe
The trojan is able to terminate the following processes:
wisadwsfndos.exe
wisadsadndos.exe
intasdsaron.exe
isadsr.exe
lpsadsadt.exe
services.exe
msxmidi.exe
bitmap.tmp
file.exe
exploit.exe
fucker.exe
winmm64.exe
s-PEPE.exe
PEPEmsPE.exe
lpt.exe
ir.exe
intron.exe
intronet.exe
twink64.exe
usb.exe
teur.exe
host32.exe
sidefind.exe
alchem.exe
powerscan.exe
bdl74125.exe
Installer2.exe
ttgkirnl.exe
bargains.exe
WinClt.exe
Winad.exe
istsvc.exe
actalert.exe
optimize.exe
iinstall.exe
fnnmqi.exe
exdl.exe
printer.exe
printer32.exe
ykyrtws.exe
loadclean.exe
telnet.exe
The file <%sysdir%>\drivers\etc\hosts is also changed.
Description inserted by Crony Walker on Tuesday, June 15, 2004
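
A triage check for the artifacts listed above, as an added example that is not part of Avira's description: it looks for the seven dropped file names under the Windows and system directories and lists hosts-file entries that map anything other than localhost. The function names, the System32 default and the benign-name set are assumptions; the description does not say what the hosts change is, so every non-loopback entry is returned for review.

```python
import os
from pathlib import Path

# Dropped files as listed in the description, relative to %windir% / %sysdir%.
WINDIR_FILES = ["mstasks1.exe", "mstasks2.exe", "mstask3.exe", "toolbar.exe"]
SYSDIR_FILES = ["paydial.exe", "systime.exe", "dktibs.exe"]
# Assumption: loopback names considered normal in a hosts file.
BENIGN_HOSTS = {"localhost", "localhost.localdomain"}


def find_dropped_files(windir, sysdir):
    """Return listed file paths that exist (case-insensitive name match)."""
    hits = []
    for root, names in ((Path(windir), WINDIR_FILES), (Path(sysdir), SYSDIR_FILES)):
        if not root.is_dir():
            continue
        present = {p.name.lower(): p for p in root.iterdir() if p.is_file()}
        hits += [str(present[n]) for n in names if n in present]
    return hits


def unexpected_hosts_entries(hosts_path):
    """Return (ip, name) pairs for every hosts entry naming a non-loopback host."""
    found = []
    try:
        text = Path(hosts_path).read_text(errors="replace")
    except OSError:
        return found
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()  # drop comments, split on whitespace
        if len(fields) < 2:
            continue
        found += [(fields[0], n) for n in fields[1:] if n.lower() not in BENIGN_HOSTS]
    return found


def triage(windir=None, sysdir=None):
    """Check a live or mounted Windows install; defaults assume an NT-style layout."""
    windir = windir or os.environ.get("windir", r"C:\Windows")
    sysdir = sysdir or os.path.join(windir, "System32")
    hosts = os.path.join(sysdir, "drivers", "etc", "hosts")
    return {"files": find_dropped_files(windir, sysdir),
            "hosts": unexpected_hosts_entries(hosts)}


if __name__ == "__main__":
    print(triage())
```

A file-name match alone is not proof of infection, since several of these names resemble legitimate Windows components; treat hits as candidates for a scanner or manual review.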