dtneter Posted September 30, 2006 Posted September 30, 2006 (edited) nope Edited January 6, 2013 by Guest
Jani Posted September 30, 2006 Posted September 30, 2006 From Sophos: This section helps you to understand how it behaves Troj/Lamedon-D is a downloader Trojan which tries to download files from a remote location to the Windows folder and run them. The Trojan typically tries to download the following files to the Windows folder: secure.html securea.html secureb.html reg32.exe dl.exe dl.html dlm.exe dlm.html mstasks.exe mstaskss.exe sherlok2.exe kemuri32.exe mssys.exe The Trojan then executes: dl.exe, dlm.exe, mstasks.exe, mstaskss.exe, sherlok2.exe, kemuri32.exe and mssys.exe. The files secure.html, securea.html, secureb.html, dl.html, dlm.html and mstaskss.exe are harmless HTML files. dl.exe and dlm.exe are detected as Troj/lamedon-A. reg32.exe is detected as Troj/Lamedon-E and the file mstasks.exe is detected as Troj/Downldr-DE. The files sherlok2.exe, kemuri32.exe and mssys.exe were unavailable to download at the time of writing. Troj/Lamedon-D also attempts to terminate selected anti-virus and security- related applications.
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now