Trojan.Spy.Webmoner.CE
LOW
LOW
variable
(Backdoor:Win32/Hupigon(OneCare))
Symptoms
Presence of the files and services from the following description.
Removal instructions:
Please let BitDefender disinfect your files.
Manual: In the "Run" box, type "services.msc" and try to identify a service with characteristics like those in the Technical Description. Double-click that line and, in the dialog box that opens, press "Stop" and then select "Disabled" for "Startup type". Then try to locate the file specified under the "Path to executable" label and delete this file.
Analyzed By
Ovidiu Visoiu, virus researcher
Technical Description:
- In order to outwit the user, the file often has the icon of an installer or of a well-known file type (e.g. Media Player files, IE files); it may also have names like iexplorer or svchost, sometimes modified (svchust).
- It makes a copy of itself in one of the Windows folders and creates a .BAT file (Uninstal.bat, delete.bat) to delete itself from its initial location; the copy is started as a Windows service. The service description contains only the service name or dubious random characters.
- It tries to download an executable file from suspicious URLs such as lzw791227.vicp.net or hacklwr1986.3322.org.
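The manual check in services.msc can be scripted for triage. The following is an added example, not BitDefender's tooling: it is read-only and flags services whose image name is a near miss of a well-known name or whose description only repeats the service name. The list of genuine names, the edit-distance threshold of 2 and the expected svchost.exe location are assumptions of this example.

```powershell
# Added triage example, not BitDefender's tooling. Read-only: lists services, changes nothing.
# Assumption: svchost and iexplore are the genuine names being imitated; 'svchust' and
# 'iexplorer' from the description are each one edit away from them.
$Genuine = 'svchost', 'iexplore'

function Get-EditDistance([string]$A, [string]$B) {
    # Levenshtein distance computed with two rolling rows
    $prev = [int[]](0..($B.Length))
    for ($i = 1; $i -le $A.Length; $i++) {
        $cur = New-Object 'int[]' ($B.Length + 1)
        $cur[0] = $i
        for ($j = 1; $j -le $B.Length; $j++) {
            $cost = [int]($A[$i - 1] -ne $B[$j - 1])
            $cur[$j] = [Math]::Min([Math]::Min($prev[$j] + 1, $cur[$j - 1] + 1), $prev[$j - 1] + $cost)
        }
        $prev = $cur
    }
    $prev[$B.Length]
}

Get-CimInstance -ClassName Win32_Service | ForEach-Object {
    $reasons = @()
    $exe = $null
    # "Path to executable" may be quoted, and may carry arguments after the .exe
    if ($_.PathName -match '^\s*"([^"]+)"' -or $_.PathName -match '^\s*(.+?\.exe)\b') { $exe = $Matches[1] }
    if ($exe) {
        $base = [IO.Path]::GetFileNameWithoutExtension($exe).ToLower()
        foreach ($g in $Genuine) {
            $d = Get-EditDistance $base $g
            # Distance 0 is the genuine name itself; 1-2 is a lookalike such as svchust
            if ($d -ge 1 -and $d -le 2) { $reasons += "image name '$base' resembles '$g'" }
        }
        # Assumption: the genuine svchost.exe runs only from System32 or SysWOW64
        if ($base -eq 'svchost' -and $exe -notmatch '\\(System32|SysWOW64)\\svchost\.exe$') {
            $reasons += 'svchost.exe outside System32/SysWOW64'
        }
    }
    $desc = "$($_.Description)".Trim()
    if ($desc -and ($desc -eq $_.Name -or $desc -eq $_.DisplayName)) {
        $reasons += 'description only repeats the service name'
    }
    if ($reasons) {
        [pscustomobject]@{ Name = $_.Name; State = $_.State; StartMode = $_.StartMode
                           PathName = $_.PathName; Reasons = $reasons -join '; ' }
    }
} | Format-List
```

Legitimate third-party services can also trip the description check, and random-character descriptions are not detected, so each hit still needs the manual review described under the removal instructions.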