W32/Small.AUX!tr - Released May 29, 2005 - Last Updated Jun 22, 2005
|
Alias/esTroj/Dloader-OD [Sophos], Trojan-Downloader.Win32.Small.aux [KAV], W32/Downloader.CRN [FProt], W32/Small.AUX!tr |
Detection Availability
|
Visible Symptoms User may be notified that an application with a random-looking name, such as vxh8jkdq6.exe, is trying to reach the internet.
|
Detailed AnalysisW32/Small.AUX-tr is a Trojan Downloader. Although it does not have any spreading capabilities by itself, upon execution it silently connects to a malicious web site over the internet and downloads 2 malicious files from there; once retrieved, those are in turn run on the infected computer "under the cloak".
The 2 malicous files - named tool1.exe and tool2.exe - are located on http://www.vxiframe.biz, and are detected by Fortinet as W32/Small.AQT-tr and W32/LowZones.Y-tr respectively.
|
