Analysis by: Roland Marco Dela Paz


Windows 2000, XP, Server 2003


  • Threat Type: Trojan

  • Destructiveness: No

  • Encrypted: No

  • In the wild: Yes


File Size: 253,317 bytes
File Type: DMG
Memory Resident: No
Initial Samples Received Date: 07 Oct 2010

Other Details

This Trojan does the following:

  • This Trojan is a malicious file that contains prepended codes in its malware body, thus, the file is unable to execute properly.
  • When prepended codes have been removed, Trend Micro detects the resulting executable file as TROJ_MEREDROP.QO.


Minimum Scan Engine: 8.900
VSAPI PATTERN File: 07.522.05
VSAPI PATTERN Date: 07 Oct 2010
VSAPI PATTERN Date: 10/7/2010 12:00:00 AM
VSAPI OPR PATTERN File: 07.523.00
VSAPI OPR PATTERN Date: 07 Oct 2010

Step 1

For Windows XP and Windows Server 2003 users, before doing any scans, please make sure you disable System Restore to allow full scanning of your computer.

Step 2

Remove malware files dropped/downloaded by TROJ_BZUD.G


Step 3

Scan your computer with your Trend Micro product to delete files detected as TROJ_BZUD.G. If the detected files have already been cleaned, deleted, or quarantined by your Trend Micro product, no further step is required. You may opt to simply delete the quarantined files. Please check this Knowledge Base page for more information.

Did this description help? Tell us how we did.