Analysis by: Cris Nowell Pantanilla
 PLATFORM:

Windows 2000, Windows XP, Windows Server 2003

 OVERALL RISK RATING:
 DAMAGE POTENTIAL:
 DISTRIBUTION POTENTIAL:
 REPORTED INFECTION:

  • Threat Type: Trojan

  • Destructiveness: No

  • Encrypted: No

  • In the wild: Yes

  OVERVIEW

This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.

Its rootkit functionalities are used by other malware/grayware. It also has rootkit capabilities, which enables it to hide its processes and files from the user.

  TECHNICAL DETAILS

Tipo de compactação: 11,640 bytes
Tipo de arquivo: SYS
Residente na memória: Yes
Data de recebimento das amostras iniciais: 09 Jun 2011

Arrival Details

This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.

Rootkit Capabilities

This Trojan s rootkit functionalities are used by other malware/grayware.

It also has rootkit capabilities, which enables it to hide its processes and files from the user.

  SOLUTION

Mecanismo de varredura mínima: 8.900
Primeiro arquivo padrão VSAPI: 8.211.00
Data do lançamento do primeiro padrão VSAPI: 09 Jun 2011

Step 1

For Windows XP and Windows Server 2003 users, before doing any scans, please make sure you disable System Restore to allow full scanning of your computer.

Step 2

Identify and delete files detected as RTKT_AIONPSW.SMG using either the Startup Disk or Recovery Console

[ Learn More ]

Step 3

Scan your computer with your Trend Micro product to delete files detected as RTKT_AIONPSW.SMG. If the detected files have already been cleaned, deleted, or quarantined by your Trend Micro product, no further step is required. You may opt to simply delete the quarantined files. Please check this Knowledge Base page for more information.


Did this description help? Tell us how we did.