PE_LOOKED.MA-O |
|
| BugsAlert Home > PE_LOOKED.MA-O | |
|
This mother file infector arrives on a system either downloaded from the Internet or dropped by another malware. When executed, it creates the folder, uninstall, in the Windows folder and then drops a copy of itself as, RUNDL132.EXE. It also drops the file, RICHDLL.DLL, in the Windows folder. This .DLL file is detected by Trend Micro as TROJ_LOOKED.LU. This mother file infector prepends its code to .EXE files located in drives C:\ to Z:\ of the affected system. All infected files are detected by Trend Micro as PE_LOOKED.MA. It then drops the file, _DESKTOP.INI, in every folder that this mother file infector has searched. Moreover, it waits for active Internet connection and accesses the URL, http://{BLOCKED}90.222.233 to download and execute, on the affected system, files detected by Trend Micro as:
Original Source: http://feeds.trendmicro.com/~r/MalwareTop10/~3/372923927/default5.asp Learn more about PE_LOOKED.MA-O |
|
| Tags: looked.ma-o | |
Related Items |
|
|
Slackware update for libxml2
|
|
|
Mark Rasch: Anti-Social Networking
|
|
|
Gallery Multiple Security Bypass and Cross Site Scripting Vulnerablities
|
|
|
VUPEN - Realtek Media Player Playlist Processing Buffer Overflow Vulnerability
|
|
|
Armen Zambrano Gasparnian: How to show subdirectories in your hg local setup
|
|
|
rPath Linux Security Update Fixes nss_ldap Information Disclosure Issue
|
|
|
unp File Name Handling Command Injection
|
|
