TrojanDropper:Win32/Swisyn


Microsoft security software detects and removes this family of threats.

The TrojanDropper:Win32/Swisyn family of malware installs and runs files on your PC, including other malware and unwanted software.

Trojans in this family can be installed by other malware.



What to do now

The following Microsoft security software detects and removes this threat:

Even if we've already detected and removed this particular threat, running a full scan might find other malware that is hiding on your PC.

Threat behavior

Installation

Malware files installed by TrojanDropper:Win32/Swisyn might be embedded as resource files. They are also often bundled with legitimate files to avoid detection.

Payload

Drops other malware

TrojanDropper:Win32/Swisyn drops component files. In the wild, we have seen these trojans installing the following component files in the %APPDATA% folder:

These files can be used to:

  • Report a successful installation to a remote site (for example, <remote site>\1stemail.php)
  • Register malicious DLLs on the infected computer
  • Perform a clean-up routine for some dropped files
  • Install application hooks on the infected computer

TrojanDropper:Win32/Swisyn has also been observed installing the following malware:

Analysis by Zarestel Ferrer


Symptoms

System changes

The following system changes may indicate the presence of this malware:

  • The presence of the following files in the %AppData% folder:

    appdata.dll
    dllhost.exe
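
The check described under Symptoms, as an added PowerShell example (not part of the original entry and not Microsoft's tooling): it looks in each local user profile's %AppData% folder for the two listed file names and reports hash and signature details for triage. The function name Find-SwisynIndicator and the default C:\Users profile layout are assumptions.

```powershell
# Added example: sweep local user profiles for the file names listed under Symptoms.
function Find-SwisynIndicator {
    param(
        # Folder that holds the user profiles; C:\Users on a default install (assumption).
        [string]$ProfileRoot = (Join-Path $env:SystemDrive 'Users'),
        # File names taken from the Symptoms list of this entry.
        [string[]]$Names = @('appdata.dll', 'dllhost.exe')
    )
    $userDirs = Get-ChildItem -LiteralPath $ProfileRoot -Directory -Force -ErrorAction SilentlyContinue
    foreach ($userDir in $userDirs) {
        # %AppData% resolves to <profile>\AppData\Roaming for each user.
        $appData = Join-Path $userDir.FullName 'AppData\Roaming'
        foreach ($name in $Names) {
            $path = Join-Path $appData $name
            if (-not (Test-Path -LiteralPath $path -PathType Leaf)) { continue }
            # -Force so hidden or system-flagged files are still returned.
            $item = Get-Item -LiteralPath $path -Force
            [pscustomobject]@{
                User      = $userDir.Name
                Path      = $path
                SizeBytes = $item.Length
                Created   = $item.CreationTimeUtc
                Modified  = $item.LastWriteTimeUtc
                SHA256    = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
                # The genuine Windows dllhost.exe lives in System32 and is signed,
                # so an unsigned copy directly under %AppData% deserves a closer look.
                Signature = (Get-AuthenticodeSignature -LiteralPath $path).Status
            }
        }
    }
}

$hits = @(Find-SwisynIndicator)
if ($hits.Count -eq 0) {
    Write-Output 'None of the listed file names were found in any profile.'
} else {
    $hits | Format-List
}
```

Run it from an elevated prompt so other users' profiles are readable. A file name match alone is not a confirmed detection, so treat any hit as a reason to run a full scan.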

Prevention


Alert level: Severe
This entry was first published on: Nov 14, 2010
This entry was updated on: Sep 24, 2014

This threat is also detected as:
No known aliases