Trojan:Win32/Abndog.A


Trojan:Win32/Abndog.A is a trojan that downloads arbitrary files from predefined Web sites.


What to do now

Manual removal is not recommended for this threat. To detect and remove this threat and other malicious software that may have been installed, run a full-system scan with an up-to-date antivirus product such as the Microsoft Safety Scanner (http://go.microsoft.com/fwlink/?LinkId=212742). For more information, see http://www.microsoft.com/protect/computer/viruses/vista.mspx.

Threat behavior

Installation
If this trojan is run, it may drop a randomly named file into a randomly named folder, as in the following example:
 
c:\0001050a\69651
 
Win32/Abndog.A may drop a driver named 'beep.sys' into the Windows system\drivers folder. The purpose of the driver is to help hide the dropped trojan files and to disable antivirus programs.
 
This trojan may drop and run a batch script named 'C:\del_exe.bat'. This script may delete Win32/Abndog.A and itself.
Payload
Downloads Files
Win32/Abndog.A may attempt to download files from predefined Web sites. The list of sites contacted may include the following:
 
www.vbjmd.cn
why38.cn
www.interoo.net
www.guccia.net
b2c.6e3c0f.com
 
The files retrieved by the trojan may be stored in the temporary Internet folder and executed.
 
Analysis by Neno Lakinski
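
The indicators above can be checked against endpoint and DNS telemetry. The following is an added example, not part of the original analysis or of any Microsoft tool: it matches the listed download hosts and dropped-file paths over constructed events in a hypothetical "time,machine,kind,value" format. The random-folder pattern generalises the single example path and is an assumption.

```python
import re
from collections import defaultdict

# Indicators listed in this entry.
DOWNLOAD_HOSTS = {"www.vbjmd.cn", "why38.cn", "www.interoo.net",
                  "www.guccia.net", "b2c.6e3c0f.com"}
BATCH_PATH = r"c:\del_exe.bat"
# Assumption: generalises the one example c:\0001050a\69651 (8 hex chars, then digits).
RANDOM_DROP = re.compile(r"^[a-z]:\\[0-9a-f]{8}\\\d+$")
# Windows ships a legitimate beep.sys, so a write is only a lead to verify.
BEEP_DRIVER = re.compile(r"\\drivers\\beep\.sys$")

def classify(kind, value):
    """Return a finding label for one event, or None if it matches nothing."""
    if kind == "dns":
        host = value.strip().lower().split(":")[0].rstrip(".")  # drop port, trailing dot
        return "download-host" if host in DOWNLOAD_HOSTS else None
    if kind == "file_write":
        path = value.strip().lower()
        if path == BATCH_PATH:
            return "self-delete-batch"
        if RANDOM_DROP.match(path):
            return "random-drop-folder"
        if BEEP_DRIVER.search(path):
            return "beep-driver-write"
    return None

def triage(lines):
    """Group findings per machine; 'high' needs a network and a file finding."""
    findings = defaultdict(set)
    for line in lines:
        _ts, machine, kind, value = line.strip().split(",", 3)
        label = classify(kind, value)
        if label:
            findings[machine].add(label)
    return {m: ("high" if "download-host" in f and len(f) > 1 else "review", sorted(f))
            for m, f in findings.items()}

# Constructed sample events in a hypothetical "time,machine,kind,value" format.
SAMPLE = [
    r"2008-10-07T10:00:01,PC-01,file_write,C:\0001050a\69651",
    r"2008-10-07T10:00:02,PC-01,file_write,C:\WINDOWS\system32\drivers\beep.sys",
    r"2008-10-07T10:00:05,PC-01,dns,WWW.VBJMD.CN.",
    r"2008-10-07T10:03:00,PC-02,file_write,C:\WINDOWS\system32\drivers\beep.sys",
    r"2008-10-07T10:04:00,PC-03,dns,www.example.com",
]

if __name__ == "__main__":
    print(triage(SAMPLE))
```

A lone write to beep.sys is rated "review" rather than "high" because the file name alone does not distinguish the dropped driver from the one Windows installs; compare its signature or hash before acting.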

Symptoms

There are no common symptoms associated with this threat. Alert notifications from installed antivirus software may be the only symptom(s).

Prevention


Alert level: Severe
First detected by definition: 1.45.287.0
Latest detected by definition: 1.173.2181.0 and higher
First detected on: Oct 07, 2008
This entry was first published on: Aug 15, 2008
This entry was updated on: Apr 17, 2011

This threat is also detected as:
  • Dropper/OnlineGameHack.21612 (AhnLab)
  • Trojan.Agent.AJOA (BitDefender)
  • Win32/Drondog.L (CA)
  • DLOADER.Trojan (Dr.Web)
  • a variant of Win32/TrojanDownloader.Agent.OBQ (ESET)
  • Trojan-Downloader.Win32.Agent.wps (Kaspersky)
  • New Malware.aj (McAfee)
  • Trojan.Drondog (Symantec)