TrojanDownloader:Win32/Drstwex.A is malware that connects to a remote server to download and execute arbitrary files.

What to do now

To detect and remove this threat and other malicious software that may be installed on your computer, run a full-system scan with an appropriate, up-to-date security solution. The following Microsoft products detect and remove this threat:
For more information on antivirus software, see

Threat behavior

TrojanDownloader:Win32/Drstwex.A is a trojan that connects to a remote server to download and execute arbitrary files. This trojan may be installed by other malware.
Downloads arbitrary files
In the wild, this trojan has been observed attempting to connect to the following IP addresses using TCP port 8000:
If a connection is successfully established, TrojanDownloader:Win32/Drstwex.A downloads an arbitrary file and saves it to the Windows Temporary folder. It then executes the downloaded file, which installs it on the affected computer.
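One way to hunt for the sequence described above (outbound connection on TCP port 8000, file written to the Temporary folder, that file then executed by the same process) is to correlate endpoint telemetry. The following is an added example, not part of the original entry: the event layout is loosely modelled on Sysmon event IDs 3, 11 and 1, and the process names, documentation-range IP addresses and the 60-second window are constructed assumptions.

```python
# Constructed events loosely modelled on Sysmon IDs 3 (network connection),
# 11 (file create) and 1 (process create). Every value is illustrative.
TEMP = r"C:\Users\bob\AppData\Local\Temp"
EVENTS = [
    # Pattern from the description: connect on 8000, drop to Temp, execute.
    {"id": 3, "t": 100, "guid": "A", "image": r"C:\Users\bob\svc.exe",
     "dst_ip": "203.0.113.10", "dst_port": 8000},
    {"id": 11, "t": 104, "guid": "A", "target": TEMP + r"\setup1.exe"},
    {"id": 1, "t": 106, "parent_guid": "A", "image": TEMP + r"\setup1.exe"},
    # Benign: HTTPS client caches a file in Temp, nothing is executed.
    {"id": 3, "t": 200, "guid": "B", "image": r"C:\Apps\browser.exe",
     "dst_ip": "198.51.100.7", "dst_port": 443},
    {"id": 11, "t": 201, "guid": "B", "target": TEMP + r"\cache.tmp"},
    # Port 8000 connection with no drop-and-run afterwards.
    {"id": 3, "t": 300, "guid": "C", "image": r"C:\Apps\devtool.exe",
     "dst_ip": "203.0.113.20", "dst_port": 8000},
]

TEMP_MARKERS = ("\\appdata\\local\\temp\\", "\\windows\\temp\\")


def in_temp(path):
    """True if the path lies under a user or system Temp folder."""
    return any(marker in path.lower() for marker in TEMP_MARKERS)


def find_download_and_run(events, port=8000, window=60):
    """Alert when one process connects out on `port`, writes a file to Temp,
    and then launches that file, all within `window` seconds."""
    conns, drops, alerts = {}, {}, []
    for ev in sorted(events, key=lambda e: e["t"]):
        if ev["id"] == 3 and ev["dst_port"] == port:
            conns[ev["guid"]] = ev  # latest matching connection per process
        elif ev["id"] == 11 and in_temp(ev["target"]):
            conn = conns.get(ev["guid"])
            if conn and ev["t"] - conn["t"] <= window:
                drops[(ev["guid"], ev["target"].lower())] = conn
        elif ev["id"] == 1:
            conn = drops.get((ev["parent_guid"], ev["image"].lower()))
            if conn and ev["t"] - conn["t"] <= window:
                alerts.append({"downloader": conn["image"],
                               "remote": f'{conn["dst_ip"]}:{conn["dst_port"]}',
                               "payload": ev["image"]})
    return alerts


if __name__ == "__main__":
    for alert in find_download_and_run(EVENTS):
        print(alert)
```

Requiring all three steps from the same process keeps the rule quiet for software that merely uses port 8000 or merely writes to Temp; only the full connect, drop and execute chain raises an alert.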
Additional information
At the time of writing, no connection could be successfully established with the remote servers for further analysis. However, these domains have been known to host installers for rogue security software in the past, so it is possible that a rogue could be downloaded onto the affected computer.
Analysis by Gilou Tenebro


Alert notifications or detections of this malware from installed antivirus or security software may be the only other symptoms.


Alert level: Severe
First detected by definition: 1.101.301.0
Latest detected by definition: 1.173.2181.0 and higher
First detected on: Mar 28, 2011
This entry was first published on: Apr 27, 2011
This entry was updated on: Apr 28, 2011

This threat is also detected as:
No known aliases