TrojanDownloader:Win32/Wintrim.CA

Encyclopedia entry
Updated: Apr 17, 2011  |  Published: Nov 04, 2009

Aliases
  • Win32/FavNet_i (CA)
  • Trojan-Downloader.Win32.Lipler.iml (Kaspersky)
  • W32/FakeAV.P!genr (Norman)
  • Mal/Wintrim-D (Sophos)
  • Trojan.DL.Wintrim.Gen!Pac.2 (VirusBuster)
  • Win32/Adware.NaviPromo.AJ (ESET)

Alert Level
Severe

Antimalware protection details
Microsoft recommends that you download the latest definitions to get protected.
Detection last updated:
Definition: 1.71.545.0
Released: Dec 06, 2009
Detection initially created:
Definition: 1.67.519.0
Released: Oct 08, 2009

Summary

TrojanDownloader:Win32/Wintrim.CA is a detection for malware that belongs to the Win32/Wintrim family. Members of the Win32/Wintrim family silently download and install additional files onto the infected system. They may monitor user habits and browsing history, and then display advertisements based on those habits.

Symptoms

There are no common symptoms associated with this threat. Alert notifications from installed antivirus software may be the only symptom(s).

Technical Information (Analysis)

Installation
TrojanDownloader:Win32/Wintrim.CA may arrive on the system pretending to be an installer for various legitimate applications, such as the following:
  • Official eMule
  • Live Player
  • Speed Downloading
  • Original Solitaire
  • PC Optimizer

When executed, it downloads and installs files into the following folders:
  • %ProgramFiles%\<application name>
  • <system folder>
  • %AppData%

Note - <system folder> refers to a variable location that is determined by the malware by querying the Operating System. The default installation location for the System folder for Windows 2000 and NT is C:\Winnt\System32; and for XP and Vista is C:\Windows\System32.

It may create a mutex, for example 'mymutsglwork', to ensure that only one instance of itself is running at any given time.
Payload
Downloads other malware
TrojanDownloader:Win32/Wintrim.CA connects to the following Web site to download other components, which are also detected as members of the Win32/Wintrim family:
  • download.favorit-network.com

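The download host above is the one network indicator this entry gives, and the practical use of it is hunting for past connections in proxy or DNS logs. The following script is an added example, not part of the encyclopedia entry or of any Microsoft tooling: it matches the listed host (and any of its subdomains) on a label boundary, so a lookalike such as "download.favorit-network.com.example" is not flagged, and it treats only the host named on the page as an indicator, not the wider favorit-network.com domain. The log format and the log lines are constructed for the example.

```python
"""Hunt proxy logs for connections to the download host named in the
Wintrim.CA entry. Example code added alongside the entry; it is not
part of the original page or of any vendor product."""
from typing import List, Optional, Tuple
from urllib.parse import urlsplit

# Indicator taken from the entry. Only this host is flagged; the parent
# domain is not listed on the page and is deliberately not matched.
WINTRIM_DOWNLOAD_HOSTS = ("download.favorit-network.com",)

# Constructed sample proxy log (not real data). Fields are
# space-separated: timestamp, client IP, HTTP method, request target.
SAMPLE_PROXY_LOG = """\
2009-10-08T09:12:01Z 10.0.0.15 GET http://download.favorit-network.com/files/setup.exe
2009-10-08T09:12:04Z 10.0.0.15 GET http://www.example.com/index.html
2009-10-08T09:13:10Z 10.0.0.22 GET http://download.favorit-network.com.evil.example/x
2009-10-08T09:14:30Z 10.0.0.31 CONNECT DOWNLOAD.FAVORIT-NETWORK.COM:443
2009-10-08T09:15:00Z 10.0.0.40 GET http://cdn.favorit-network.com/asset.js
"""


def extract_host(target: str) -> Optional[str]:
    """Return the lower-cased host from a full URL or a CONNECT host:port
    target. urlsplit needs a scheme separator to treat the first
    component as an authority, so bare host:port gets a '//' prefix."""
    if "://" not in target:
        target = "//" + target
    return urlsplit(target).hostname  # hostname is already lower-cased


def host_matches(host: str, indicator: str) -> bool:
    """True if host is the indicator or a subdomain of it. The check is on
    a dot boundary, so 'indicator.example' and 'evilindicator' do not
    match; a trailing dot (FQDN form) is tolerated."""
    host = host.lower().rstrip(".")
    return host == indicator or host.endswith("." + indicator)


def find_wintrim_downloads(log_text: str) -> List[Tuple[str, str, str]]:
    """Scan proxy log lines and return (timestamp, client, host) for every
    request whose host matches a listed Wintrim download host."""
    hits = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) < 4:
            continue  # malformed or truncated line; skip rather than guess
        ts, client, _method, target = parts[:4]
        host = extract_host(target)
        if host and any(host_matches(host, ind) for ind in WINTRIM_DOWNLOAD_HOSTS):
            hits.append((ts, client, host))
    return hits


if __name__ == "__main__":
    for ts, client, host in find_wintrim_downloads(SAMPLE_PROXY_LOG):
        print(f"{ts} {client} -> {host}")
```

Each hit names a client that should be scanned with an up-to-date antivirus product, as the Recovery section advises; a hit on the CONNECT line shows why matching must be case-insensitive and must strip the port, since TLS tunnels are logged that way rather than as full URLs.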
Analysis by Patrik Vicol

Prevention

Recovery

Manual removal is not recommended for this threat. To detect and remove this threat and other malicious software that may have been installed, run a full-system scan with an up-to-date antivirus product such as Microsoft Security Essentials, or the Microsoft Safety Scanner. For more information about using antivirus software, see http://www.microsoft.com/security/antivirus/av.aspx.
