 

TrojanDownloader:Win32/Obvod.M


Microsoft security software detects and removes this threat.
 
This trojan silently downloads and installs other programs onto your PC without your consent. This can include other malware.


What to do now

The following free Microsoft software detects and removes this threat:

Even if we've already detected and removed this particular threat, running a full scan might find other malware that is hiding on your PC.

You can also visit the Microsoft virus and malware community for more help.

Threat behavior

Installation
When run, TrojanDownloader:Win32/Obvod.M copies itself to c:\documents and settings\all users\application data\rdn7o5qq.exe.
 
The malware creates the following files on your PC:

  • c:\documents and settings\all users\application data\rdn7o5qq.exe.b
  • c:\documents and settings\all users\application data\rdn7o5qq.exe_.b
Payload
Contacts remote host
 
TrojanDownloader:Win32/Obvod.M can contact a remote host at 188.190.98.22 using port 80. Commonly, malware does this to:
  • Report a new infection to its author
  • Receive configuration or other data
  • Download and run files (including updates or additional malware)
  • Receive instructions from a remote attacker
  • Upload data taken from the affected computer
This malware description was produced and published using our automated analysis system's examination of file SHA1 3e8d466956f15628a6bbda68b07274749f0f9b19.

Symptoms

System changes
The following system changes may indicate the presence of this malware:

  • The presence of the following files:

    c:\documents and settings\all users\application data\rdn7o5qq.exe
    c:\documents and settings\all users\application data\rdn7o5qq.exe.b
    c:\documents and settings\all users\application data\rdn7o5qq.exe_.b
 

Prevention


Alert level: Severe
First detected by definition: 1.143.2108.0
Latest detected by definition: 1.185.414.0 and higher
First detected on: Feb 12, 2013
This entry was first published on: Mar 01, 2013
This entry was updated on: Jan 06, 2014

This threat is also detected as:
No known aliases