98,304 (executable) 62,464 (dll)
(Trojan:win32/Mesoum.A Trj/Multidropper.ROM TR/Patched.BU.6 )
Presence in %windir%\system32 directory of files named w*nte.dll, *esl.dll, msfont*.dll. These are used as temporary files in the infection process.
Please let BitDefender disinfect your files.
Deac Razvan-Ioan, virus researcher
When the executable part of this trojan is ran it drops a dynamic library file in the temp directory of the current user. This dll has a random name such as 97a2ljq.tmp. The executable also infects a dll located in system32 directory and makes it load the malicious file it dropped before. After this it uses an export from the dropped dll to delete itself.
Once it is loaded, the malicious dll tryes to close services belonging to some av products, it infects other dlls in the system32 directory to load the malware and it downloads other malicious files from locations such as: