Trojan.Vundo
01 July 2008
The Vundo trojan is usually a DLL with a random name located in the system32 directory. The file name is usually 5 to 7 characters long (depending on the version).
The trojan usually consists of 6 threads named Main thread, Protection thread, Registry Thread, File thread, IEEvents thread, and Stop and Recover thread. It can write information about each of these threads to a log file (even though most versions don't do that). Trojan.Vundo performs different actions depending on the process it runs in. If it runs from lsass.exe or winlogon.exe, it starts the protection mutex. If it runs from Internet Explorer, it starts the IEEvents thread.
The trojan usually shows popups (about 100 per day) telling users that they are infected and asking them to download rogue antispyware programs such as SysProtect, Storage Protect and WinFixer.
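A triage heuristic built from the traits described above (a DLL in system32 with a 5 to 7 character name, loaded in lsass.exe, winlogon.exe or Internet Explorer), given here as an added example that is not part of the original description. The baseline set, the module list and the DLL names in it are constructed for illustration; a hit is a candidate for review, not a verdict.

```python
import ntpath

# Host processes named in the description (Internet Explorer runs as iexplore.exe).
HOST_PROCESSES = {"lsass.exe", "winlogon.exe", "iexplore.exe"}

# Assumption: DLL names known to belong on this build, e.g. taken from a clean
# reference image. Constructed and deliberately tiny.
BASELINE = {"msgina.dll", "lsasrv.dll", "samsrv.dll", "wininet.dll", "shell32.dll"}

# Constructed sample of (process, loaded module path) pairs, as a module
# listing tool would report them. The odd DLL names are made up.
SAMPLE_MODULES = [
    ("winlogon.exe", r"C:\WINDOWS\system32\msgina.dll"),
    ("winlogon.exe", r"C:\WINDOWS\system32\qomkjhg.dll"),
    ("lsass.exe", r"C:\WINDOWS\system32\lsasrv.dll"),
    ("lsass.exe", r"C:\WINDOWS\system32\qomkjhg.dll"),
    ("iexplore.exe", r"C:\WINDOWS\system32\wininet.dll"),
    ("iexplore.exe", r"C:\Program Files\Toolbar\helper.dll"),
    ("explorer.exe", r"C:\WINDOWS\system32\abcde.dll"),
    ("iexplore.exe", r"C:\WINDOWS\system32\ssqrp.dll"),
]


def is_candidate(process, module_path, baseline=BASELINE):
    """True if the module matches every trait from the description."""
    directory, filename = ntpath.split(module_path)
    stem, ext = ntpath.splitext(filename)
    return (
        process.lower() in HOST_PROCESSES
        and ntpath.basename(directory).lower() == "system32"
        and ext.lower() == ".dll"
        and 5 <= len(stem) <= 7              # name length given in the description
        and filename.lower() not in baseline  # unknown name, so possibly random
    )


def triage(modules, baseline=BASELINE):
    """Map each candidate DLL path to the set of processes it is loaded in."""
    hits = {}
    for process, path in modules:
        if is_candidate(process, path, baseline):
            hits.setdefault(path.lower(), set()).add(process.lower())
    return hits


if __name__ == "__main__":
    for path, procs in sorted(triage(SAMPLE_MODULES).items()):
        print(f"{path}  loaded in: {', '.join(sorted(procs))}")
```

The same unknown DLL appearing in both winlogon.exe and lsass.exe is the stronger signal; a single unknown name in one process mostly reflects gaps in the baseline.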

Copyright 2010. Site powered by BitDefender