TrojanDownloader:Win32/Bubnix.A is a trojan that downloads and executes other malware.
TrojanDownloader:Win32/Bubnix.A may be downloaded or dropped by other malware. It drops a copy of itself in the Windows Temporary Files folder using a randomly-generated file name. To prevent several instances of itself from running in memory, it generates pseudo-randomly named mutexes and events.
Downloads other malware
TrojanDownloader:Win32/Bubnix.A attempts to connect and download a rootkit trojan from the any of the following IP addresses:
If the download is successful, it drops the downloaded rootkit as "<system folder>\driver\<random>.sys". It then registers the rootkit as a kernel driver service with the name "Boot Bus Extender".
Note - <system folder> refers to a variable location that is determined by the malware by querying the Operating System. The default installation location for the System folder for Windows 2000 and NT is C:\Winnt\System32; and for XP, Vista, and 7 is C:\Windows\System32.
Analysis by Rodel Finones
There are no common symptoms associated with this threat. Alert notifications from installed antivirus software may be the only symptom(s).