This Trojan exploits the RTF Stack Overflow vulnerability to drop and execute TROJ_INJECT.ART. This Trojan may be unknowingly downloaded by a user while visiting malicious websites. It arrives as an attachment to email messages spammed by other ... [More]

This backdoor may be unknowingly downloaded by a user while visiting malicious websites. Backdoor Routine This backdoor executes the following commands from a remote malicious user: Enumerates installed packages and running applications o... [More]

The malicious program intercepts the user’s requests to various sites and redirects them to a malicious URL. It also contains a tool for sending phishing messages. It propagates via e-mail and peer-to-peer networks. It is a Windows PE EXE fi... [More]

A malicious program that receives commands from a management server to download other malware to a computer. To ensure that it is launched automatically when the system is started, the program copies its executable file to the autorun directory: ... [More]

The virus starts by decryipting a part of its code in order to resolve its imports. When that is done it searches for the process svchost.exe, injects in it and creates the mutex asd..6567fj.After the virus code has been injected it checks if it runs... [More]

Commonly it commes as an installer so it can drop several files, detected by Bitdefender as adware (Adware.Cinmus) or tojan-downloaders.It modifies the memory of Explorer.exe or Winlogon.exe in order to open UDP ports.Copies itself in %System% folder... [More]

The file is packed and encrypted to hide its malicious code. When is first run, the virus starts a thread that will check if the program is being debugged, and will immediately exit if it discovers an user-level debugger. On next step, will copy itse... [More]

When first run, this malware will make a copy of itself in %SYSDIR%, named systio.exe and then deletes the original file. It will also create a file named systio, where it will save information about users activity. In order to bypass firewall or rou... [More]

The virus comes as a dll, usually under the name mouse_dll.dll or winkey.dll. It exports three functions: WorkOne, WorkOne_t and SecondWork. It is usually dropped by a virus detected as Trojan.Dropper.RRO. When the dropper is executed it creates a di... [More]

Backdoor.BotGet.Ftp?.Gen detects scripts used by some malicious IRC bots (eg: SDBot / Rbot) and worms (eg: Lovgate) in propagation from one computer to another.A worm/bot installed on a machine searches for other computers in the same network or even... [More]