Size: 50 KB
Aliases: Trojan:Win32/Danmec.gen!A, BDS/Backdoor.Gen


You will notice increased network activity, caused by the backdoor and mass-mailing component described below.
The infection occurs when a web page asks you to download a "video codec" in order to watch a movie clip you are interested in; the supposed codec is the dropper.

Removal instructions:

Please let BitDefender disinfect your computer.

Analyzed By

Mihai Cimpoesu, Virus Researcher

Technical Description:

        The original malware file is a dropper: it writes the actual malware into the %WINDIR%\System32 folder under the name ACPI.exe, exits, and then deletes itself using a self-delete .bat file.
        The name is chosen so that the file masquerades as a legitimate Windows component. ACPI stands for Advanced Configuration and Power Interface (not Advanced SCSI Programming Interface, which is ASPI). The genuine Windows ACPI component is the kernel driver acpi.sys in %WINDIR%\System32\drivers, so an executable named ACPI.exe in %WINDIR%\System32 is itself an indicator of this infection.

       The malware is a proxy mass mailer that uses a backdoor connection to retrieve configuration data from the attacker. The interesting thing about it is that it tries to connect to a considerable number of SMTP servers belonging to universities and military centers around the world, in order to use them as relays. The list of servers in use at testing time is:

         In our tests these servers rejected every connection initiated by this malware, so they remain secure against this particular malware's attempts to use them as SMTP relays for delivering spam.
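The relay check behind that last observation, as an added example (this is not Bitdefender's code and not part of the original analysis): it speaks the envelope part of SMTP (EHLO, MAIL FROM, RCPT TO) with a sender and a recipient that are both foreign to the target, which is exactly the delivery a correctly configured mail server must refuse and the one a spam relay accepts. Hostnames, addresses and the scripted server replies are constructed placeholders; probe_host is only for servers you are authorised to test.

```python
import socket

# Constructed placeholder identities for the probe (not from the Bitdefender page).
# Sender and recipient are both outside the target's own domains, so accepting
# the RCPT means the server would relay mail between two third parties.
HELO_NAME = "relaytest.example"
MAIL_FROM = "probe@relaytest.example"
RCPT_TO = "victim@remote-domain.example"


def read_reply(readline):
    """Read one SMTP reply (single or multi-line) and return (code, lines)."""
    lines = []
    while True:
        line = readline()
        if not line:
            raise ConnectionError("server closed the connection mid-reply")
        line = line.rstrip("\r\n")
        lines.append(line)
        # A '-' in column 4 means further lines of the same reply follow.
        if len(line) < 4 or line[3] != "-":
            break
    return int(lines[-1][:3]), lines


def check_open_relay(readline, writeline):
    """Run the relay probe over an open session given line read/write callables.

    Returns {"open_relay": bool, "verdict": str, "steps": [(stage, code), ...]}.
    DATA is never sent, so nothing is queued even when the server is an open relay.
    """
    result = {"open_relay": False, "verdict": "", "steps": []}
    code, _ = read_reply(readline)
    result["steps"].append(("banner", code))
    if code != 220:
        result["verdict"] = "refused at banner (%d)" % code
        return result

    def send(verb, cmd):
        writeline(cmd + "\r\n")
        reply_code, _ = read_reply(readline)
        result["steps"].append((verb, reply_code))
        return reply_code

    def bye():
        try:
            send("QUIT", "QUIT")
        except (ConnectionError, OSError):
            pass  # some MTAs drop the socket right after QUIT

    # EHLO first; fall back to HELO for servers that do not speak ESMTP.
    if send("EHLO", "EHLO " + HELO_NAME) != 250 and send("HELO", "HELO " + HELO_NAME) != 250:
        result["verdict"] = "greeting rejected"
        bye()
        return result
    for verb, cmd in (("MAIL", "MAIL FROM:<%s>" % MAIL_FROM),
                      ("RCPT", "RCPT TO:<%s>" % RCPT_TO)):
        if send(verb, cmd) != 250:
            # A 550/554 "relay access denied" at RCPT is the healthy outcome.
            result["verdict"] = "relay refused at %s (%d)" % (verb, result["steps"][-1][1])
            bye()
            return result
    result["open_relay"] = True
    result["verdict"] = "OPEN RELAY: foreign recipient accepted at RCPT"
    send("RSET", "RSET")  # discard the envelope before leaving
    bye()
    return result


class ScriptedServer:
    """Constructed stand-in for a remote MTA: replies come from a fixed table so the
    probe can be exercised offline and deterministically."""

    def __init__(self, banner, replies):
        self._pending = [banner]
        self._replies = replies

    def readline(self):
        return self._pending.pop(0) if self._pending else ""

    def writeline(self, data):
        verb = data.split(":")[0].split()[0].upper()
        reply = self._replies.get(verb, "500 5.5.1 Command unrecognized\r\n")
        self._pending.extend(reply.splitlines(keepends=True))


# Constructed reply tables: one server that refuses to relay, one that accepts.
REJECTING_MTA = {
    "EHLO": "250-mail.example.edu\r\n250 SIZE 10240000\r\n",
    "MAIL": "250 2.1.0 Ok\r\n",
    "RCPT": "554 5.7.1 <victim@remote-domain.example>: Relay access denied\r\n",
    "QUIT": "221 2.0.0 Bye\r\n",
}
OPEN_RELAY_MTA = dict(REJECTING_MTA, RCPT="250 2.1.5 Ok\r\n", RSET="250 2.0.0 Ok\r\n")


def probe_scripted(replies, banner="220 mail.example.edu ESMTP\r\n"):
    srv = ScriptedServer(banner, replies)
    return check_open_relay(srv.readline, srv.writeline)


def probe_host(host, port=25, timeout=10):
    """Run the same probe against a real host you are authorised to test."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        rfile = sock.makefile("rb")
        return check_open_relay(
            lambda: rfile.readline().decode("ascii", "replace"),
            lambda s: sock.sendall(s.encode("ascii")),
        )


if __name__ == "__main__":
    print(probe_scripted(REJECTING_MTA)["verdict"])
    print(probe_scripted(OPEN_RELAY_MTA)["verdict"])
```

A refusal at RCPT TO is the behaviour the servers in the test above showed. Treat a 250 there as strong but not conclusive evidence of an open relay: some MTAs defer the relay decision to DATA, and others accept the envelope and bounce later, so a full audit sends a test message to a mailbox you control and confirms whether it arrives.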