Posts Tagged ‘Doctor Web’

Doctor Web

New Trojan

The company “Doctor Web”, a Russian developer of IT security solutions, reports the spread of a new Trojan, Trojan.GBPBoot.1, which has an interesting self-recovery mechanism.

In terms of the malicious functions it performs, Trojan.GBPBoot.1 is a relatively primitive piece of malware: it can download various executable files from a remote server and run them on the infected computer, or run programs that are not stored directly on the victim’s computer. That is the full extent of its malicious payload. However, this Trojan is interesting primarily because it can seriously resist attempts to remove it.

Trojan.GBPBoot.1 consists of several modules. The first of these modifies the master boot record (MBR) on the hard disk and then writes to the end of the corresponding partition (outside the file system) the virus installer module, the module that automatically restores the Trojan, an archive containing the file explorer.exe, and the sector with the configuration data. It then places the virus installer in the system folder, runs it, and deletes its own file. (more…)

Vulnerability

Malicious Spam

The company “Doctor Web” warns users about a wide distribution, since 22 October 2012, of malicious spam purporting to come from the popular online store Amazon.com.

These messages contain an offer to download a license for Microsoft Windows; however, on following the link, the user picks up two malicious programs at once (Trojan.Necurs.97 and BackDoor.Andromeda.22), which are ready at any time, at the attackers’ request, to deliver other malicious software to victims’ computers.

Since October 22, 2012, Internet users have been regularly receiving e-mail messages whose sender is allegedly the online shop Amazon.com. The messages have the heading Order N [random number] and the following contents: (more…)

The company “Doctor Web”, a Russian developer of IT security solutions, informs users that several malicious programs using a very interesting mechanism to infect computers are being distributed through the peer-to-peer network of Trojan.PWS.Panda.2395. These programs are capable of mounting massive DDoS attacks and sending spam.

The victim’s computer is infected by means of the widespread Trojan Trojan.PWS.Panda.2395. In the first stage of infection, an executable file containing an encrypted malicious module is downloaded to the victim’s PC over the peer-to-peer network supported by the Trojan. After it is successfully decrypted, it launches another module that reads into the computer’s memory the image of another malicious application, detected by Dr.Web anti-virus software as a member of the Trojan.DownLoader family.

The program is saved in the user’s account as an executable file with a random name, and then modifies the Windows registry so that it runs automatically when the operating system loads. (more…)

The company “Doctor Web” is a Russian developer of IT security solutions under the Dr.Web brand. Its strategic objective is to create the best anti-virus tools that meet all current requirements for this class of programs, and to develop new technological solutions that enable users to meet any type of computer threat head-on.

  • Date of the founding of the company “Doctor Web” – 2003
  • Start of development of the Dr.Web anti-virus – 1992
  • The company’s founder and author of the Dr.Web anti-virus – Igor Danilov

The strategic objective of the company, on which the efforts of all employees are focused, is to create the best anti-virus tools that meet all current requirements for this class of programs, and to develop new technological solutions that enable users to meet all types of computer threats head-on. (more…)

Virus Alert

The company “Doctor Web”, a Russian developer of IT security solutions, reports the spread of a modification of the Trojan.Mayachok family of Trojans, added to the Dr.Web virus database under the name Trojan.Mayachok.17516. Although this threat bears a certain similarity to the widespread Trojan Trojan.Mayachok.1, a number of significant differences have been identified in its architecture.

Trojan.Mayachok.17516 is a shared library that is installed in the operating system by a dropper, which is an executable file that, in general, decrypts the library and copies it to disk. If User Account Control (UAC) is enabled in the operating system, the dropper copies itself to a temporary folder under the name flash_player_update_1_12.exe and is launched for execution.

(more…)

“Doctor Web”: Chinese Trojan infects the boot record

The malicious software includes eight functional modules: an installer, three drivers, a shared library and a number of auxiliary components.

Experts at the company “Doctor Web” have found a new Trojan horse that infects the MBR of the hard disk. The main goal of the threat is to redirect the user, through their browser, to the Trojan author’s web sites.

According to the experts, Trojan.Xytets was created in China. It includes eight functional modules: an installer, three drivers, a shared library and a number of auxiliary components.

After being launched on a potential victim’s system, the Trojan checks whether it is running in a virtual machine and whether a debugger is in use on the victim machine. If these applications are present on the system, the Trojan notifies the remote server and exits. (more…)