TrojanDownloader:Win32/Caxnet.B


TrojanDownloader:Win32/Caxnet.B is a trojan downloader that retrieves and installs a variant of Win32/Koutodoor from remote websites.


What to do now

Manual removal is not recommended for this threat. To detect and remove this threat and other malicious software that may have been installed, run a full-system scan with an up-to-date antivirus product such as Microsoft Security Essentials, or the Microsoft Safety Scanner. For more information about using antivirus software, see http://www.microsoft.com/security/antivirus/av.aspx.

Threat behavior

TrojanDownloader:Win32/Caxnet.B is a trojan downloader that retrieves and installs a variant of Win32/Koutodoor from a remote website.
Installation
This trojan downloader is installed and run by other malware such as TrojanDownloader:Win32/Esplor.A. When TrojanDownloader:Win32/Caxnet.B executes, it runs its download payload, then exits and deletes itself.
Payload
Downloads Win32/Koutodoor
This trojan downloader attempts to download Backdoor:Win32/Koutodoor.B from a remote website "baiducom.net.cn". The requested file is hosted as "image.jpg" and is saved locally as a randomly named executable such as "yacgpbo.exe" in the Windows system folder. The downloaded file is executed with the parameter "205471". TrojanDownloader:Win32/Caxnet.B then deletes itself and the downloaded executable.
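The behavior described above can be matched against web proxy and process-creation logs. The following Python code is an added example, not part of the original entry or of any vendor's detection logic. The record layouts (keys `host`, `path`, `body_head`, `image`, `command_line`), the sample records, and the reading of "Windows system folder" as `System32` are assumptions, and the check for an executable served under an image extension generalizes beyond the single file named here.

```python
from pathlib import PureWindowsPath

# Indicators taken from the entry above.
C2_HOST, C2_FILE, EXEC_ARG = "baiducom.net.cn", "image.jpg", "205471"
IMAGE_EXTS = (".jpg", ".jpeg", ".png", ".gif")

def check_proxy(ev):
    """Reasons a proxy record (assumed keys: host, path, body_head) looks suspicious."""
    reasons = []
    host = ev["host"].lower().rstrip(".")
    name = ev["path"].rsplit("/", 1)[-1].split("?", 1)[0].lower()
    if host == C2_HOST or host.endswith("." + C2_HOST):
        reasons.append("host")
        if name == C2_FILE:
            reasons.append("file")
    # Generalization: a PE file ("MZ" magic) delivered under an image extension.
    if name.endswith(IMAGE_EXTS) and ev.get("body_head", b"")[:2] == b"MZ":
        reasons.append("pe-as-image")
    return reasons

def check_process(ev):
    """Reasons a process-creation record (assumed keys: image, command_line) matches."""
    reasons = []
    image = PureWindowsPath(ev["image"])
    tokens = ev["command_line"].split()
    if len(tokens) > 1 and tokens[-1].strip('"') == EXEC_ARG:
        reasons.append("arg")
    # Assumption: "Windows system folder" means a directory named System32.
    if image.suffix.lower() == ".exe" and image.parent.name.lower() == "system32":
        reasons.append("system-folder")
    return reasons

def triage(proxy_events, process_events):
    """Keep any proxy match; keep a process only when both conditions hold."""
    hits = [("proxy", e["host"] + e["path"], r)
            for e in proxy_events if (r := check_proxy(e))]
    hits += [("process", e["image"], r) for e in process_events
             if (r := check_process(e)) == ["arg", "system-folder"]]
    return hits

# Constructed sample records, for illustration only.
SAMPLE_PROXY = [
    {"host": "baiducom.net.cn", "path": "/image.jpg", "body_head": b"MZ\x90\x00"},
    {"host": "www.example.com", "path": "/logo.jpg", "body_head": b"\xff\xd8\xff\xe0"},
]
SAMPLE_PROC = [
    {"image": r"C:\WINDOWS\system32\yacgpbo.exe",
     "command_line": r"C:\WINDOWS\system32\yacgpbo.exe 205471"},
    {"image": r"C:\WINDOWS\system32\ping.exe", "command_line": "ping.exe 10.0.0.1"},
]
```

Because the downloader deletes itself and the downloaded executable, log records like these may be the only trace left on a host, so the file on disk should not be expected during triage.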
Additional Information
For more information about Backdoor:Win32/Koutodoor.B, see our description elsewhere in the encyclopedia.
 
Analysis by Shali Hsieh

Symptoms

There are no common symptoms associated with this threat. Alert notifications from installed antivirus software may be the only symptom(s).

Prevention


Alert level: Severe
First detected by definition: 1.67.763.0
Latest detected by definition: 1.173.2181.0 and higher
First detected on: Oct 13, 2009
This entry was first published on: Nov 06, 2009
This entry was updated on: Apr 17, 2011

This threat is also detected as:
  • Win-Trojan/Agent.8192.VD (AhnLab)
  • Trojan.Downloader.Small.ABIS (BitDefender)
  • Win32/TrojanDownloader.Agent.PAB (ESET)
  • Trojan-Downloader.Win32.Agent.bsbo (Kaspersky)
  • Generic.dx!o (McAfee)
  • W32/Downloader.WIY (Norman)
  • Troj/DwnLdr-HVK (Sophos)
  • Packed.Generic.199 (Symantec)
  • Trojan.DL.Agent.JOQR (VirusBuster)