Trojan.Downloader.Exchanger.Gen.1
HIGH
MEDIUM
60 to 115 KB
(Trojan-Downloader.Win32.Exchanger.bt, Trojan-Downloader.Win32.Agent.uwl, Trj/Downloader.TYQ, Trojan.Erotpics)
Symptoms
The presence of:
- the file CbEvtSvc.exe in the system directory (usually C:\Windows\System32)
- a service with the name Cbevtsvc.
Removal instructions:
Please let BitDefender delete your infected files.
Analyzed By
Boeriu Laura, virus researcher
Technical Description:
The malware spreads through links in unsolicited/spam e-mail messages that trick the user into believing he will see explicit videos of celebrities such as Angelina Jolie. When the user clicks the link, the malware is downloaded and run on the computer.
Once executed, the file copies itself to the system directory (usually C:\Windows\System32) as CbEvtSvc.exe and registers itself as a service with the same name, which is started automatically at every system reboot.
In addition, it connects to a specific server in order to download and execute other malicious files.
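The two symptoms listed above can be checked on a host from PowerShell. The script below is an added example, not part of the original write-up; it uses only the file name, service name and size range given on this page, and the extra SysWOW64 location is an assumption for 64-bit Windows, where a 32-bit process's writes to the system directory are redirected.

```powershell
# Added example: triage for the symptoms described on this page.
# Indicator values (file name, service name, size range) come from the page.
$FileName    = 'CbEvtSvc.exe'
$ServiceName = 'Cbevtsvc'
$MinBytes    = 60KB
$MaxBytes    = 115KB

# The system directory is "usually" C:\Windows\System32, so resolve it at run time.
# SysWOW64 is an added assumption (WOW64 redirection), not stated on the page.
$dirs = @([Environment]::SystemDirectory, (Join-Path $env:windir 'SysWOW64')) |
    Where-Object { Test-Path -LiteralPath $_ } | Select-Object -Unique

$findings = @()

# Symptom 1: the file in the system directory.
foreach ($dir in $dirs) {
    # -Force so hidden/system attributes do not hide the file from the check.
    $file = Get-Item -LiteralPath (Join-Path $dir $FileName) -Force -ErrorAction SilentlyContinue
    if ($file) {
        $inRange = ($file.Length -ge $MinBytes -and $file.Length -le $MaxBytes)
        $hash    = (Get-FileHash -LiteralPath $file.FullName -Algorithm SHA256).Hash
        $findings += [pscustomobject]@{
            Indicator = 'File'
            Path      = $file.FullName
            Detail    = "Size=$($file.Length) bytes; InReportedSizeRange=$inRange; SHA256=$hash"
        }
    }
}

# Symptom 2: a service with the reported name (WQL string match is case-insensitive).
$svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='$ServiceName'" -ErrorAction SilentlyContinue
if ($svc) {
    $pointsToFile = ($svc.PathName -like "*$FileName*")
    $findings += [pscustomobject]@{
        Indicator = 'Service'
        Path      = $svc.PathName
        Detail    = "StartMode=$($svc.StartMode); State=$($svc.State); BinaryIsReportedFile=$pointsToFile"
    }
}

if ($findings.Count -eq 0) {
    Write-Output "No $FileName file or $ServiceName service found on $env:COMPUTERNAME."
} else {
    $findings | Format-List
}
```

Run it from a 64-bit, elevated PowerShell session so both directories are visible; a match on name alone is a lead to investigate, and the recorded hash and service binary path are what to carry into that investigation.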