Trojan.Dropper.Binder.B

SYMPTOMS:

Trojan.Dropper.Binder.B is a file binder for the Windows platform. It is used for merging other trojan/backdoors (such as Trojan.Proxy.Agent.ES) into one standalone executable.

This virus tool appends any custom application and document to its body, which is then ready to be delivered.

TECHNICAL DESCRIPTION:

When executed, the binded file drops the document in

%Temp%\Summary on China's 2006 Defense White paper.doc

and opens it with the system's default editor, also drops

%Temp%\sav.exe

and executes it as a hidden application, in the background.

On systems with Microsoft Office installed, if the doc file is specially crafted, it can exploit some vulnerability in Microsoft Word and execute remote code.

Removal instructions:

Please let BitDefender disinfect your files.

ANALYZED BY:

Mihai Calota, virus researcher