Trojan:Win32/Duqu.B
Encyclopedia entry
Updated: Oct 19, 2011 | Published: Oct 15, 2011
Aliases
Worm/Win32.Stuxnet (AhnLab)
Alert Level
Severe
Antimalware protection details
Microsoft recommends that you download the latest definitions to get protected.
Detection initially created:
Definition: 1.113.1728.0 Released: Oct 15, 2011
Summary
Trojan:Win32/Duqu.B is a detection for malicious code that has been injected into running processes, such as "lsass.exe", by Trojan:Win32/Duqu.A.
Symptoms
Alert notifications or detections of this malware from installed antivirus or security software may be the only other symptoms.
Technical Information (Analysis)
Trojan:Win32/Duqu.B is a detection for malicious code that has been injected into running processes, such as "lsass.exe", by Trojan:Win32/Duqu.A.
Installation
Trojan:Win32/Duqu.B is injected into running processes, such as "lsass.exe", by Trojan:Win32/Duqu.A. This trojan could create a new instance of the default web browser, as defined by this registry subkey:
HKCR\HTTP\SHELL\OPEN\COMMAND\Default
The newly launched browser has the same privileges as the Windows shell "explorer.exe", and the trojan may inject additional payload code into the process, detected as Trojan:Win32/Duqu.C.
Trojan:Win32/Duqu.B may launch new instances of the following processes and inject payload code into them:
- %SystemRoot%\system32\lsass.exe
- %SystemRoot%\system32\winlogon.exe
- %SystemRoot%\system32\svchost.exe
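The behavior above (new instances of lsass.exe, winlogon.exe or svchost.exe) can be hunted in process-creation telemetry by checking each new instance's parent and path. This is an added example, not code from the original entry or from Microsoft. The field names `Image` and `ParentImage`, the `C:\Windows` expansion of %SystemRoot%, and the parent baseline (Windows Vista and later) are assumptions, and the sample events are constructed.

```python
import ntpath

SYSTEM32 = r"c:\windows\system32"  # assumed expansion of %SystemRoot%\system32

# Assumed baseline (Windows Vista and later): the usual parent of each process
# the entry lists. On Windows XP, lsass.exe is started by winlogon.exe instead.
EXPECTED_PARENT = {
    "lsass.exe": {"wininit.exe"},
    "winlogon.exe": {"smss.exe"},
    "svchost.exe": {"services.exe"},
}

def check_event(event):
    """Return the reasons a process-creation event deviates from the baseline."""
    image = event["Image"].lower()
    parent = ntpath.basename(event["ParentImage"]).lower()
    name = ntpath.basename(image)
    if name not in EXPECTED_PARENT:
        return []  # not one of the three watched process names
    reasons = []
    if ntpath.dirname(image) != SYSTEM32:
        reasons.append("unexpected path")
    if parent not in EXPECTED_PARENT[name]:
        reasons.append(f"unexpected parent {parent}")
    return reasons

def triage(events):
    """Map event index -> reasons, keeping only events that need review."""
    return {i: r for i, e in enumerate(events) if (r := check_event(e))}

# Constructed sample events (hypothetical, not taken from a real incident).
SAMPLE_EVENTS = [
    {"Image": r"C:\Windows\System32\lsass.exe", "ParentImage": r"C:\Windows\System32\wininit.exe"},
    {"Image": r"C:\Windows\System32\svchost.exe", "ParentImage": r"C:\Windows\System32\services.exe"},
    {"Image": r"C:\Windows\System32\svchost.exe", "ParentImage": r"C:\Windows\System32\lsass.exe"},
    {"Image": r"C:\Windows\System32\lsass.exe", "ParentImage": r"C:\Windows\explorer.exe"},
    {"Image": r"C:\Users\Public\winlogon.exe", "ParentImage": r"C:\Windows\System32\smss.exe"},
]

if __name__ == "__main__":
    for idx, reasons in triage(SAMPLE_EVENTS).items():
        print(idx, SAMPLE_EVENTS[idx]["Image"], "->", ", ".join(reasons))
```

This check covers only newly launched instances; code injected into a process that was already running creates no process-creation event and needs memory or behavioral scanning.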
Additional Information
For more information about Trojan:Win32/Duqu.C, see the description elsewhere in the encyclopedia.
Analysis by Shawn Wang
Prevention Recovery
To detect and remove this threat and other malicious software that may be installed on your computer, run a full-system scan with an appropriate, up-to-date security solution. The following Microsoft products detect and remove this threat:
For more information on antivirus software, see http://www.microsoft.com/windows/antivirus-partners/.