TROJ_DELETER.AB
March 25, 2017
PLATFORM: Windows
Threat Type: Trojan
Destructiveness: No
Encrypted: Yes
In the wild: Yes
OVERVIEW
This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.
It restarts the affected system.
TECHNICAL DETAILS
File Size: 4,699,152 bytes
File Type: DLL, EXE
Memory Resident: Yes
Initial Samples Received Date: 23 Mar 2017
Arrival Details
This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.
Installation
This Trojan drops the following component file(s):
- %System%\{random}.exe ← deleter component
- %System%\{random}.txt ← list of folders to delete
- %System%\{random}.bat ← executes deleter
(Note: %System% is the Windows system folder, which is usually C:\Windows\System32 on all Windows operating system versions.)
Other System Modifications
This Trojan deletes the following folders:
- %ProgramFiles%\AVG
- %ProgramFiles%\AVAST Software
- %ProgramFiles%\Panda Security
- %ProgramFiles%\ESET
- %ProgramFiles%\KASPER~1
- %ProgramFiles%\Avira
- %ProgramFiles%\Softwin
- %ProgramFiles%\Grisoft
- %ProgramFiles%\NORTON~1
- %ProgramFiles%\Microsoft Security Client
- %ProgramFiles%\Baidu Security
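The folder list above can serve as a detection signal: one host losing the install folders of several security products is rarely legitimate. The following is an added example, not part of the original write-up. It assumes deletion events are already available as (host, path) pairs, that either Program Files root on C: counts as %ProgramFiles%, that three distinct products is a reasonable threshold, and it uses a simplified form of the 8.3 short-name rule to match the `KASPER~1` and `NORTON~1` entries against long folder names.

```python
import ntpath
from collections import defaultdict

# Folder names under %ProgramFiles% copied from the list above.
TARGETS = ["AVG", "AVAST Software", "Panda Security", "ESET", "KASPER~1",
           "Avira", "Softwin", "Grisoft", "NORTON~1",
           "Microsoft Security Client", "Baidu Security"]
# Assumption: either Program Files root on C: counts as %ProgramFiles%.
ROOTS = {r"c:\program files", r"c:\program files (x86)"}

def matches_target(folder, target):
    """Compare a folder name with a listed name, honouring 8.3 short names."""
    folder, target = folder.upper(), target.upper()
    if "~" not in target:
        return folder == target
    stem = target.split("~")[0]                 # "KASPER~1" -> "KASPER"
    if "~" in folder:                           # event logged the short form
        return folder.split("~")[0] == stem
    # Simplified 8.3 rule: a name with spaces or more than 8 characters gets
    # an alias built from its first six characters with spaces removed.
    needs_alias = " " in folder or len(folder) > 8
    return needs_alias and folder.replace(" ", "")[:6] == stem

def targeted_folder(path):
    """Return the listed name a deleted path falls under, or None."""
    parts = ntpath.normpath(path).split("\\")
    if len(parts) < 3 or "\\".join(parts[:2]).lower() not in ROOTS:
        return None
    return next((t for t in TARGETS if matches_target(parts[2], t)), None)

def flag_hosts(events, threshold=3):
    """Flag hosts that lost folders of `threshold` or more listed products."""
    hits = defaultdict(set)
    for host, path in events:
        target = targeted_folder(path)
        if target:
            hits[host].add(target)
    return {h: sorted(t) for h, t in hits.items() if len(t) >= threshold}

# Constructed sample deletion events, not taken from a real incident.
SAMPLE = [
    ("ws-01", r"C:\Program Files\AVG\a.dll"),
    ("ws-01", r"C:\Program Files\Kaspersky Lab\b.dll"),
    ("ws-01", r"C:\Program Files\NORTON~1\c.dll"),
    ("ws-01", r"C:\Program Files (x86)\Avira"),
    ("ws-02", r"C:\Program Files\ESET\old.log"),
    ("ws-02", r"C:\Program Files\7-Zip\d.dll"),
    ("ws-02", r"C:\Users\a\AVG\e.dll"),
]
```

On the constructed sample, only `ws-01` is flagged; `ws-02` touched a single listed folder and stays below the threshold.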
Other Details
This Trojan restarts the affected system.
It does the following:
- It deletes the following files:
  - Files in the System folder
  - Files in the current folder