virus logo Virus

W32/Rux.E!tr.bdr

description-logoAnalysis

  • It drops a copy of itself as undefinedSystemDirundefined\FlyingMarqu.scr.

  • The malware also attempts connection to "wwp.mirabilis.com", note that it used "wwp" instead of "www" and thus would fail this name hosts resolve, mirabilis is a known hosts for ICQ, this malware may possibly intend to using this avenue to obtain backdoor remote commands.


    • recommended-action-logoRecommended Action

    • Make sure that your FortiGate/FortiClient system is using the latest AV database.
    • Quarantine/delete files that are detected and replace infected files with clean backup copies.

    Telemetry logoTelemetry

    Detection Availability

    FortiClient
    Extreme
    FortiMail
    Extreme
    FortiSandbox
    Extreme
    FortiWeb
    Extreme
    Web Application Firewall
    Extreme
    FortiIsolator
    Extreme
    FortiDeceptor
    Extreme
    FortiEDR
    ID 1222
    Released Oct 01, 1998
    Description
    Updated    		 Sep 07, 2015
    Aliases Backdoor.Win32.RUX.30.e, BKDR_RUX.E, Troj/Rux-L, Win32/RUX.30.E trojan
    Platform Profile Win32 file format / PE 32 bit
    Profile Type Trojan Backdoor (tr.bdr)