TrojanDropper:Win32/Dozmot.C


TrojanDropper:Win32/Dozmot.C is a trojan that drops and installs PWS:Win32/Dozmot.C onto the local computer.


What to do now

Manual removal is not recommended for this threat. To detect and remove this threat and other malicious software that may have been installed, run a full-system scan with an up-to-date antivirus product such as the Microsoft Safety Scanner (http://go.microsoft.com/fwlink/?LinkId=212742). For more information, see http://www.microsoft.com/protect/computer/viruses/vista.mspx.

Threat behavior

Installation
TrojanDropper:Win32/Dozmot.C may be encountered when visiting a malicious Web page, or may be installed by other malware. When run, it drops files having random file names as in the following examples:
 
<system folder>\drivers\<eight random characters>.sys (example: e5jid7my.sys)
<system folder>\<eight random characters>.dll (example: e5jid7my.dll)
 
The registry is modified as in the following examples:
 
Adds value: "sys"
With data: "<system folder>\drivers\e5jid7my.sys"
To subkey: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate
 
Adds value: "dll"
With data: "<system folder>\e5jid7my.dll"
To subkey: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate
 
The dropped components are executed using the Windows application "rundll32.exe", after which the dropper deletes itself and terminates.
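
One way to check a host for the registry values described above, as an added example that is not part of the original entry: it parses `reg query` output for the WindowsUpdate subkey and flags "sys" and "dll" values whose data matches the file layout listed earlier. The `system32` path component, the alphanumeric character class and both sample outputs are assumptions constructed for illustration.

```python
import re

# Subkey named in this entry; the dropper adds the values "sys" and "dll" to it.
KEY = r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate"
# Assumptions: <system folder> resolves to a path ending in \system32, and the
# "eight random characters" are alphanumeric, as in the e5jid7my example.
PATTERNS = {
    "sys": re.compile(r"\\system32\\drivers\\([a-z0-9]{8})\.sys$", re.I),
    "dll": re.compile(r"\\system32\\([a-z0-9]{8})\.dll$", re.I),
}
# One value line of `reg query` output: 4 spaces, name, type, data.
VALUE_LINE = re.compile(r"^ {4}(.+?) {4}(REG_\w+) {4}(.*)$")


def parse_reg_query(text):
    """Return {value name (lowercased): data} from `reg query` output for one key."""
    values = {}
    for line in text.splitlines():
        m = VALUE_LINE.match(line)
        if m:
            values[m.group(1).lower()] = m.group(3).strip()
    return values


def dozmot_findings(text):
    """Return findings for values that match the dropper's described layout."""
    values = parse_reg_query(text)
    stems = {}
    findings = []
    for name, pattern in PATTERNS.items():
        m = pattern.search(values.get(name, ""))
        if m:
            stems[name] = m.group(1).lower()
            findings.append(f"{KEY}\\{name} -> {values[name]}")
    # In this entry's examples the driver and the DLL share one random stem.
    if len(stems) == 2 and stems["sys"] == stems["dll"]:
        findings.append("driver and DLL share stem " + stems["sys"])
    return findings


# Constructed sample input (not captured from a real host).
INFECTED = """
HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WindowsUpdate
    sys    REG_SZ    C:\\WINDOWS\\system32\\drivers\\e5jid7my.sys
    dll    REG_SZ    C:\\WINDOWS\\system32\\e5jid7my.dll
"""
CLEAN = """
HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WindowsUpdate
    dll    REG_SZ    C:\\Program Files\\Vendor\\updater.dll
"""
```

A match is a lead for a full antivirus scan, not a verdict, because the file names are random and the pattern is inferred from the examples in this entry.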
Additional Information
For more information about PWS:Win32/Dozmot.C, see our description elsewhere in the encyclopedia.
 
Analysis by Cristian Craioveanu

Symptoms

There are no common symptoms associated with this threat. Alert notifications from installed antivirus software may be the only symptom(s).

Prevention


Alert level: Severe
First detected by definition: 1.59.1404.0
Latest detected by definition: 1.173.2181.0 and higher
First detected on: Jun 17, 2009
This entry was first published on: Jun 23, 2009
This entry was updated on: Apr 17, 2011

This threat is also detected as:
  • Win-Trojan/OnlineGameHack.B (AhnLab)
  • Win32/Dogbab!generic (CA)
  • New Malware.aj (McAfee)
  • W32/Packed_Upack.A (Norman)
  • Mal/Dropper-O (Sophos)
  • Infostealer.Gampass (Symantec)