TrojanDownloader:Win32/Bredolab


TrojanDownloader:Win32/Bredolab is a detection for malware that connects to a remote server to download and execute other files.


What to do now

Use Microsoft Windows Defender, Microsoft Security Essentials, the Microsoft Safety Scanner, or another up-to-date scanning and removal tool to detect and remove this threat and other unwanted software from your computer. For more information on Microsoft security products, see http://www.microsoft.com/protect/products/computer/default.mspx.

Threat behavior

TrojanDownloader:Win32/Bredolab is a detection for malware that connects to a remote server to download and execute other files.
 
It is installed to the Startup folder under a variable file name, and injects itself into the 'svchost.exe' and 'explorer.exe' processes.
 
Some of the files detected as TrojanDownloader:Win32/Bredolab use the following names:
 
asgupd32.exe
dfqupd32.exe
dmaupd32.exe
fmnupd32.exe
ihaupd32.exe
imiupd32.exe
legupd32.exe
ppqupd32.exe
rqjupd32.exe
ikowin32.exe
wbhwin32.exe
hcgwin32.exe
fqosys32.exe
lecsys32.exe
necsys32.exe
rncsys32.exe
ysfsys32.exe
zqosys32.exe

 
The following list details just a small selection of the malware known to be downloaded by variants of TrojanDownloader:Win32/Bredolab:
 
 
Analysis by Francis Allan Tan Seng

Symptoms

System changes
The following system changes may indicate the presence of this malware:
  • The presence of any of the following files:
    asgupd32.exe
    dfqupd32.exe
    dmaupd32.exe
    fmnupd32.exe
    ihaupd32.exe
    imiupd32.exe
    legupd32.exe
    ppqupd32.exe
    rqjupd32.exe
    ikowin32.exe
    wbhwin32.exe
    hcgwin32.exe
    fqosys32.exe
    lecsys32.exe
    necsys32.exe
    rncsys32.exe
    ysfsys32.exe
    zqosys32.exe
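As an added example that is not part of the original entry or of any Microsoft tool, the script below turns the file-name lists above (the names in the Threat behavior section and the same names repeated under System changes) into a Startup-folder hunt. The eighteen names are copied from the entry; the regular expression that generalises them to other three-letter prefixes, the Startup folder locations, and the sample directory listing are assumptions constructed for the demo.

```python
"""Hunt Windows Startup folders for Bredolab-style dropper names (added example)."""
import os
import re
from pathlib import Path

# File names listed in the encyclopedia entry (verbatim).
KNOWN_NAMES = frozenset({
    "asgupd32.exe", "dfqupd32.exe", "dmaupd32.exe", "fmnupd32.exe",
    "ihaupd32.exe", "imiupd32.exe", "legupd32.exe", "ppqupd32.exe",
    "rqjupd32.exe", "ikowin32.exe", "wbhwin32.exe", "hcgwin32.exe",
    "fqosys32.exe", "lecsys32.exe", "necsys32.exe", "rncsys32.exe",
    "ysfsys32.exe", "zqosys32.exe",
})

# Assumption (not stated by the entry): every listed name is three lower-case
# letters followed by upd32, win32 or sys32 and ".exe". Unlisted names of that
# shape are reported as "pattern" hits so a new variable name is not missed;
# the verdict is kept separate from "known" because the pattern can also
# match benign files.
NAME_PATTERN = re.compile(r"^[a-z]{3}(upd|win|sys)32\.exe$")


def pattern_covers_known_names() -> bool:
    """Sanity check: the generalisation must at least match every listed name."""
    return all(NAME_PATTERN.match(name) for name in KNOWN_NAMES)


def classify(file_name: str):
    """Return 'known' for a listed name, 'pattern' for a look-alike, else None."""
    name = file_name.lower()          # NTFS is case-insensitive; compare lower-cased
    if name in KNOWN_NAMES:
        return "known"
    if NAME_PATTERN.match(name):
        return "pattern"
    return None


def startup_folders():
    """Default per-user and all-users Startup folders (assumed locations).

    Resolved from APPDATA / PROGRAMDATA, so the list is empty off Windows."""
    folders = []
    for var in ("APPDATA", "PROGRAMDATA"):
        base = os.environ.get(var)
        if base:
            folders.append(Path(base) / "Microsoft/Windows/Start Menu/Programs/Startup")
    return folders


def scan_names(file_names):
    """Map every suspicious name in an iterable of file names to its verdict."""
    hits = {}
    for file_name in file_names:
        verdict = classify(file_name)
        if verdict:
            hits[file_name] = verdict
    return hits


def scan_folders(folders=None):
    """Scan real Startup folders on disk; returns {path: verdict}."""
    hits = {}
    for folder in (folders if folders is not None else startup_folders()):
        if not folder.is_dir():
            continue
        for entry in folder.iterdir():
            if entry.is_file():
                verdict = classify(entry.name)
                if verdict:
                    hits[str(entry)] = verdict
    return hits


# Constructed sample listing for an offline run; not taken from a real system.
SAMPLE_LISTING = [
    "desktop.ini",
    "OneDrive.lnk",
    "asgupd32.exe",       # listed in the entry -> "known"
    "QQWWIN32.EXE",       # look-alike, upper case -> "pattern"
    "abcdupd32.exe",      # four-letter prefix: outside the pattern
    "lecsys32.exe.txt",   # wrong extension: outside the pattern
]

if __name__ == "__main__":
    for name, verdict in scan_names(SAMPLE_LISTING).items():
        print(f"{verdict:8} {name}")
    for path, verdict in scan_folders().items():
        print(f"{verdict:8} {path}")
```

A name hit is a lead, not a verdict: the entry says the file name is variable, and the script does not look at the 'svchost.exe' and 'explorer.exe' injection the entry describes, so any hit still needs confirmation with an up-to-date scanner as the "What to do now" section advises.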

Prevention


Alert level: Severe
First detected by definition: 1.45.287.0
Latest detected by definition: 1.173.2181.0 and higher
First detected on: Oct 07, 2008
This entry was first published on: Dec 31, 2009
This entry was updated on: Apr 17, 2011

This threat is also detected as:
  • Trj/Sinowal.WPD (Panda)
  • Backdoor.Win32.Bredolab.oi (Kaspersky)
  • Backdoor.Bredolab.QB (VirusBuster)
  • Win32/Kryptik.AKO (ESET)
  • Trojan.Bredolab (Symantec)
  • BKDR_BREDOLAB.CL (Trend Micro)