New Trojan Has Real Virus Scanner

Thrax 🐌 Austin, TX Icrontian
edited October 2006 in Spyware & Virus Removal
At start-up, the Trojan requests and loads a DLL from the author's command-and-control server.

This then downloads a pirated copy of Kaspersky AntiVirus for WinGate into a concealed directory on the infected system.

It patches the license signature check in-memory in the Kaspersky DLL to avoid having Kaspersky refuse to run due to an invalid or expired license, Stewart said.

Ten minutes after the download of the DLL, it begins to scan the system for malware, skipping files which it detects are part of its own installation.

"Any other malware found on the system is then set up to be deleted by Windows at the next reboot," he added.

Courtesy of: eWeek

Comments

  • DogSoldier The heart of radical Amish country..
    edited October 2006
    Is this thing real? It sounds like a bad movie starring Dolph Lundgren.