TrojanDownloader:Win32/Dofoil.R

(?)

Encyclopedia entry
Updated: Jun 26, 2012 | Published: Jun 22, 2012

Aliases

Trojan.Win32.Buzus.ltcn

Kaspersky

Troj/Agent-WSW (Sophos)

Alert Level (?)
Severe

Antimalware protection details
Microsoft recommends that you download the latest definitions to get protected.

Detection last updated:
Definition: 1.151.543.0
Released: May 21, 2013

Detection initially created:
Definition: 1.129.117.0
Released: Jun 20, 2012

Summary

TrojanDownloader:Win32/Dofoil.R is a trojan that silently downloads and installs other programs without consent. This could include the installation of additional malware or malware components to an affected computer.

Top

Symptoms

System changes

The following system changes may indicate the presence of this malware:

The presence of the following files:

c:\documents and settings\administrator\application data\feeba1.exe

The presence of the following registry modifications:

Adds value: "FlySky"
With data: "c:\documents and settings\administrator\application data\feeba1.exe"
To subkey: HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

Top

Technical Information (Analysis)

Installation

When executed, TrojanDownloader:Win32/Dofoil.R copies itself to c:\documents and settings\administrator\application data\feeba1.exe.

The malware modifies the following registry entries to ensure that its copy executes at each Windows start:

Adds value: "FlySky"
With data: "c:\documents and settings\administrator\application data\feeba1.exe"
To subkey: HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

Payload

Contacts remote host

TrojanDownloader:Win32/Dofoil.R may contact a remote host at havecriticism.info using port 80. Commonly, malware may contact a remote host for the following purposes:

To report a new infection to its author
To receive configuration or other data
To download and execute arbitrary files (including updates or additional malware)
To receive instruction from a remote attacker
To upload data taken from the affected computer

This malware description was produced and published using our automated analysis system's examination of file SHA1 b61c093d45dbbbfa866195018f68fa2ffe572c9c.

Top

Prevention

Take these steps to help prevent infection on your computer.

Top

Recovery

To detect and remove this threat and other malicious software that may have been installed in your computer, run a full-system scan with an up-to-date antivirus product such as the following:

For more information about using antivirus software, see http://www.microsoft.com/windows/antivirus-partners/.

Top


	Provide feedback Please note: While your feedback is very important to us, we do not respond to individual submissions through this channel. Feedback, requests, or questions submitted through this form are monitored, however responses are not generated. If you require support, please visit the Safety & Security Center.