PLATFORM:

Windows 2000, Windows XP, Windows Server 2003

 OVERALL RISK RATING:
 DAMAGE POTENTIAL:
 DISTRIBUTION POTENTIAL:
 REPORTED INFECTION:
 INFORMATION EXPOSURE:

  • Threat Type: Trojan

  • Destructiveness: No

  • Encrypted:

  • In the wild: Yes

  OVERVIEW

Canal de infecção: Propagates via network shares, Propagates via removable drives

This Trojan is Trend Micro's detection for autorun component files of WORM_DOWNAD variants.

It is dropped by WORM_DOWNAD variants in removable and network drives as AUTORUN.INF.

Once an unsuspecting user opens a drive with this Trojan, the host worm is automatically executed.

  TECHNICAL DETAILS

Tipo de compactação: Varies
Tipo de arquivo: Other
Data de recebimento das amostras iniciais: 27 Apr 2009

NOTES:

This Trojan is Trend Micro's detection for autorun component files of WORM_DOWNAD variants.

It is dropped by WORM_DOWNAD variants in removable and network drives as AUTORUN.INF.

Once an unsuspecting user opens a drive with this Trojan, the host worm is automatically executed.

  SOLUTION

Mecanismo de varredura mínima: 9.300
VSAPI OPR Pattern Version: 5.989.00
VSAPI OPR Pattern veröffentlicht am: 27 Apr 2009

Step 1

Before doing any scans, Windows XP, Windows Vista, and Windows 7 users must disable System Restore to allow full scanning of their computers.

Step 2

Scan your computer with your Trend Micro product to delete files detected as TROJ_DOWNAD.INF. If the detected files have already been cleaned, deleted, or quarantined by your Trend Micro product, no further step is required. You may opt to simply delete the quarantined files. Please check the following Trend Micro Support pages for more information:


Did this description help? Tell us how we did.