Virus:TR/Drop.Keylog.FR
Date discovered:01/10/2009
Type:Application
Subtype:Dropper
In the wild:Yes
Reported Infections:Low
Distribution Potential:Low
Damage Potential:Low
Static file:Yes
File size:48.640 Bytes
MD5 checksum:d0ebfa195253537dafb5fa8af59fa368
IVDF version:7.01.06.63 - Thursday, October 1, 2009

 General It was previously detected as:
   •  TR/Crypt.ZACK.Gen


Side effects:
   • Drops a malicious file

 Files The following files are created:

– Non malicious file:
   • %WINDIR%\pst_x32.log

%TEMPDIR%\_mswin32.bat This is a non malicious text file with the following content:
   • :Repeat
     del "%malware execution directory% %executed file% "
     if exist "%malware execution directory% %executed file% " goto Repeat

%SYSDIR%\usbctl.exe Furthermore it gets executed after it was fully created. Further investigation pointed out that this file is malware, too. Detected as: TR/Spy.Keylogger.FR

Description inserted by Lutz Koch on Thursday, October 1, 2009
Description updated by Lutz Koch on Thursday, October 1, 2009

Back . . . .