W32/Small.AUX!tr

Alias/esTroj/Dloader-OD [Sophos], Trojan-Downloader.Win32.Small.aux [KAV], W32/Downloader.CRN [FProt], W32/Small.AUX!tr
Release DateMay 29, 2005
Detection Availability
Active DatabaseExtended Database
FortiGatelowhigh
FortiClient
FortiMailN/A
Current Antivirus Definition Database Version: 12.202
Description

Visible Symptoms

User may be notified that an application with a random-looking name, such as vxh8jkdq6.exe, is trying to reach the internet.

Detailed Analysis

W32/Small.AUX-tr is a Trojan Downloader. Although it does not have any spreading capabilities by itself, upon execution it silently connects to a malicious web site over the internet and downloads 2 malicious files from there; once retrieved, those are in turn run on the infected computer "under the cloak". The 2 malicous files - named tool1.exe and tool2.exe - are located on http://www.vxiframe.biz, and are detected by Fortinet as W32/Small.AQT-tr and W32/LowZones.Y-tr respectively.
Description Last Updated Date: Jun 22, 2005
Reference: ID - 56317