Detection files published:
Description created: 2006-02-16
Description updated: 2006-02-16
Alias: FakeAlert.AA (AntiVir - HB+EDV), Spywarestrike.dldr (ScanPM - NAI), Troj/FakeVir-D (Sweep - Sophos)
Spreading mechanism: Other
Payload: Displays a pop-up with a fake warning, attempts to download additional malicious files.
This is a downloader trojan in the Renos family, associated with Zlob, SpyFalcon, SpyAxe/SpywareStrike and Nsag.
File size: 102400 bytes
When the file is run it copies itself to
%Windir%\%System%\dxmpp.dll
It attempts to download the SpyFalcon installer (alias SpyAxe, SpywareStrike, PSGuard), a rogue anti-spyware product, from the SpyFalcon site.
This is usually accompanied by Zlob.gen (trojan downloader) and Nsag.B (file infector virus).
The file dxmpp.dll displays a pop-up saying:
Your computer is infected!
Possible harmful infection was detected on your pc.The system will now download and install the most efficient spyware removal program to prevent private data loss and your identity theft.
Click here to protect your PC from the biggest spyware threats.
The icon area in the lower-right corner of your screen displays a shifting icon which resembles the Windows Update icon. When right- or left-clicked, it opens an Internet Explorer browser window and attempts to download SpyFalcon. SpyFalcon is a rogue anti-spyware product which displays a fake scanner on your screen and shows an MPEG movie of a scan. It does not perform a real scan of the files on your computer. After the fake scan you will be asked to pay for the product in order for it to clean your computer.
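A triage check for the dropped copy described above, added here as an example and not Norman's own code. It looks for dxmpp.dll under the Windows directory of a mounted disk image and compares its size with the 102400 bytes given in this description; the folder names tried for %System% and the sample tree built in `demo()` are assumptions.

```python
import os
import tempfile

# Indicators taken from the description above.
DROPPED_NAME = "dxmpp.dll"
DROPPED_SIZE = 102400  # bytes
# Assumption: %System% resolves to one of these folder names under %Windir%
# (System on Windows 9x/Me, System32 on NT-based Windows).
SYSTEM_DIRS = ("system", "system32")


def _children(path):
    """Map lower-cased entry name -> real path, so the lookup stays
    case-insensitive when the image is mounted on a case-sensitive host."""
    try:
        return {e.name.lower(): e.path for e in os.scandir(path)}
    except OSError:
        return {}


def find_dropped_copy(windir):
    """Return a list of (path, size, verdict) for dxmpp.dll under windir."""
    hits = []
    top = _children(windir)
    for sysdir in SYSTEM_DIRS:
        sys_path = top.get(sysdir)
        if sys_path is None:
            continue
        candidate = _children(sys_path).get(DROPPED_NAME)
        if candidate is None or not os.path.isfile(candidate):
            continue
        size = os.path.getsize(candidate)
        # A name hit with a different size is still reported for review.
        verdict = "name+size match" if size == DROPPED_SIZE else "name only"
        hits.append((candidate, size, verdict))
    return hits


def demo():
    """Scan a constructed directory tree (placeholder bytes, not malware)."""
    with tempfile.TemporaryDirectory() as root:
        windir = os.path.join(root, "WINDOWS")
        os.makedirs(os.path.join(windir, "System32"))
        os.makedirs(os.path.join(windir, "system"))
        with open(os.path.join(windir, "System32", "DXMPP.DLL"), "wb") as f:
            f.write(b"\0" * DROPPED_SIZE)
        with open(os.path.join(windir, "system", "dxmpp.dll"), "wb") as f:
            f.write(b"\0" * 10)
        return [(os.path.basename(p), s, v) for p, s, v in find_dropped_copy(windir)]
```

A file name and size are weak indicators on their own, so treat a hit as a reason to scan the file with current detection files rather than as a verdict.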
Norman's antivirus products are in general able to remove all malicious software that is detected.
Some malware, however, uses techniques that the general product does not remove sufficiently. We have therefore developed the free product Norman Malware Cleaner. Please use the latest version of this program from the link below if your Norman antivirus is unable to clean up the infection.
| Usage | Title | Comment |
|---|---|---|
| Stopping network share infectors | | |
| Cleaning of back-up folders on Windows Me and XP | | |