TROJ_PATCH.CD

This is the Trend Micro detection for a normal file, IEXPLORER.EXE, that has had malicious code inserted into it. Its characteristics are similar to those of PE_HUNK variants. However, unlike PE_HUNK, this Trojan does not infect *.EXE files.

It deletes the file %Systemdir%\dllcache\iexplore.exe. It renames its own copy, %User_Temp%\ore.exe, using the name of the deleted file, and so replaces the deleted file. It creates a backup copy of the original file %ProgramFiles%\Internet Explorer\iexplore.exe and saves it as %User_Temp%\~0re.tmp. Afterwards, it replaces the original file %ProgramFiles%\Internet Explorer\iexplore.exe with the malware copy, %Systemdir%\dllcache\iexplore.exe.

As a result, the malware is unknowingly used every time a user accesses the Internet. It connects to certain URLs that can be used to transmit system information and possibly enable it to update a copy of itself. However, the said links are inaccessible as of this writing.

Original Source: http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_PATCH.CD
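
The file-replacement sequence described above can be hunted for in file-activity telemetry. The following is an added example, not Trend Micro's code: it assumes a constructed `time|host|action|path|source` record format, and the host names, timestamps and `C:\Temp` location in the sample are made up; only the file names come from the write-up.

```python
import re

# Stages in the order the write-up lists them: (name, action, target regex, source regex).
# Only trailing path components are matched, because %Systemdir%, %User_Temp%
# and %ProgramFiles% expand differently per host.
STAGES = [
    ("cache_copy_deleted", "delete", r"\\dllcache\\iexplore\.exe$", None),
    ("cache_copy_planted", "rename", r"\\dllcache\\iexplore\.exe$", r"\\ore\.exe$"),
    ("original_backed_up", "create", r"\\~0re\.tmp$", None),
    ("browser_replaced", "write", r"\\internet explorer\\iexplore\.exe$", None),
]

def parse(line):
    # Assumed record layout: time|host|action|path|source (source may be empty).
    fields = line.strip().split("|")
    if len(fields) < 4:
        return None
    _, host, action, path, src = (fields + [""])[:5]
    return host, action.lower(), path.lower(), src.lower()

def stages_seen(lines):
    # Per host, advance through STAGES only when the next expected step occurs.
    progress = {}
    for line in lines:
        rec = parse(line)
        if rec is None:
            continue
        host, action, path, src = rec
        idx = progress.get(host, 0)
        if idx == len(STAGES):
            continue
        _, want, path_re, src_re = STAGES[idx]
        if (action == want and re.search(path_re, path)
                and (src_re is None or re.search(src_re, src))):
            progress[host] = idx + 1
    return {h: [s[0] for s in STAGES[:n]] for h, n in progress.items()}

def flagged_hosts(lines):
    return sorted(h for h, s in stages_seen(lines).items() if len(s) == len(STAGES))

# Constructed sample events (hosts, times and C:\Temp are made up).
SAMPLE = [
    r"2008-10-01T09:00:01|WS01|delete|C:\WINDOWS\system32\dllcache\iexplore.exe|",
    r"2008-10-01T09:00:02|WS01|rename|C:\WINDOWS\system32\dllcache\iexplore.exe|C:\Temp\ore.exe",
    r"2008-10-01T09:00:03|WS01|create|C:\Temp\~0re.tmp|",
    r"2008-10-01T09:00:04|WS01|write|C:\Program Files\Internet Explorer\iexplore.exe|",
    r"2008-10-01T09:05:00|WS02|write|C:\Program Files\Internet Explorer\iexplore.exe|",
]
```

`flagged_hosts(SAMPLE)` reports only WS01; WS02 writes to iexplore.exe without the preceding steps, as a legitimate browser update would, and is not flagged.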