Win32/TrojanDownloader.Femad [Threat Name]

Win32/TrojanDownloader.Femad.K [Threat Variant Name]

Category trojan
Size 23040 B
Detection created Aug 02, 2006
Detection database version 3145
Aliases Trojan-Downloader.Win32.Femad.gex (Kaspersky)
  TrojanDownloader:Win32/Femad.B (Microsoft)
  Trojan.DownLoader.132 (Dr.Web)
Short description

Win32/TrojanDownloader.Femad.K is a trojan which tries to download other malware from the Internet.

Installation

The trojan does not create any copies of itself.


The trojan is usually a part of other malware.

Other information

The trojan contains a list of 2 URLs.


It tries to download several files from these addresses.


These are stored in the following locations:

  • %windir%\qttasks.exe
  • %windir%\sysdll.reg
  • %windir%\winlogon.exe

The files are then executed. The HTTP protocol is used.


The trojan may set the following Registry entries:

  • [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    • "sys" = "regedit -s sysdll.reg"

This causes the trojan to be executed on every system start.
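A host check for the file and Registry artefacts listed above, as an added example (not part of the original description or any vendor tooling). The function name and output shape are illustrative. It also looks at the WOW6432Node copy of the Run key, where a 32-bit process on 64-bit Windows is redirected. A file name match alone is a lead for triage, not a verdict.

```powershell
# Added example: look for the artefacts this description lists.
# Find-FemadKArtifact is a hypothetical name, not a vendor tool.
function Find-FemadKArtifact {
    [CmdletBinding()]
    param(
        # Windows directory to inspect (file checks only).
        [string]$WinDir = $env:windir
    )

    $findings = @()

    # Drop locations named in the description. The genuine winlogon.exe
    # lives in System32, so a copy directly under %windir% stands out.
    foreach ($name in 'qttasks.exe', 'sysdll.reg', 'winlogon.exe') {
        $path = Join-Path -Path $WinDir -ChildPath $name
        if (Test-Path -LiteralPath $path -PathType Leaf) {
            $item = Get-Item -LiteralPath $path -Force
            $findings += [pscustomobject]@{
                Type   = 'File'
                Path   = $path
                Detail = '{0} bytes, written {1:u}' -f $item.Length, $item.LastWriteTimeUtc
            }
        }
    }

    # Run value named in the description: "sys" = "regedit -s sysdll.reg".
    # Both registry views of the live system are checked.
    $runKeys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
               'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run'
    foreach ($key in $runKeys) {
        $run = Get-ItemProperty -LiteralPath $key -Name 'sys' -ErrorAction SilentlyContinue
        if ($run) {
            $value = [string]$run.sys
            # Report any "sys" value and say whether it imports sysdll.reg.
            $matchesPage = $value -match 'regedit.*sysdll\.reg'
            $findings += [pscustomobject]@{
                Type   = 'RunValue'
                Path   = "$key\sys"
                Detail = "'$value' (imports sysdll.reg: $matchesPage)"
            }
        }
    }

    $findings
}

Find-FemadKArtifact | Format-Table -AutoSize -Wrap
```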
