TROJ_CSDROP.A

This Trojan may be unknowingly downloaded by a user while visiting malicious websites. It may be manually installed by a user.

It executes the dropped file(s). As a result, malicious routines of the dropped files are exhibited on the affected system.

This is the Trend Micro detection for files that exhibit certain behaviors.

Arrival Details

This Trojan may be unknowingly downloaded by a user while visiting malicious websites.

It may be manually installed by a user.

Installation

This Trojan creates the following folders:

• %User Profile%\Application Data\Thinstall\{02A4F43E-98ED-4236-9D15-A9FB2C1376F2}
• %User Profile%\Application Data\Thinstall\{02A4F43E-98ED-4236-9D15-A9FB2C1376F2}\1000000600002i
• %User Profile%\Application Data\Thinstall\{02A4F43E-98ED-4236-9D15-A9FB2C1376F2}\1000000b00002i

(Note: %User Profile% is the current user's profile folder, which is usually C:\Windows\Profiles\{user name} on Windows 98 and ME, C:\WINNT\Profiles\{user name} on Windows NT, and C:\Documents and Settings\{user name} on Windows 2000, XP, and Server 2003.)

Dropping Routine

This Trojan drops the following files:

• %User Profile%\Application Data\Thinstall\{02A4F43E-98ED-4236-9D15-A9FB2C1376F2}\1000000600002i\svchost.exe
• %User Profile%\Application Data\Thinstall\{02A4F43E-98ED-4236-9D15-A9FB2C1376F2}\1000000b00002i\rundll32.exe

(Note: %User Profile% is the current user's profile folder, which is usually C:\Windows\Profiles\{user name} on Windows 98 and ME, C:\WINNT\Profiles\{user name} on Windows NT, and C:\Documents and Settings\{user name} on Windows 2000, XP, and Server 2003.)

It executes the dropped file(s). As a result, malicious routines of the dropped files are exhibited on the affected system.

Other Details

This is the Trend Micro detection for:

• Trojanized Adobe Photoshop CS3 software.