The Web    Google
7/28: Downloader-NE.dr a New Trojan

7/28: Downloader-NE.dr a New Trojan
July 28, 2004

Downloader-NE.dr is a downloader dropper trojan packed with FSG and injects a DLL component in to the memory space of the Explorer.exe process.

When executed it drops a copy of itself into the %Sysdir% folder as ECT.EXE. For example: C:\Winnt\System32\ECT.EXE

It also drops a DLL file (ERL.EXE) into the same folder. This DLL file is 5,632 bytes in size. This DLL file is injected into the shell process of EXPLORER.EXE.

The following registry keys are created:

Ru11n "wid2.exe" = %Sysdir%\ECT.EXE
Ru11n "wid2.exe" = %Sysdir%\ECT.EXE

This trojan will attempt to download and run a script from a Russian web site.

More information is at McAfee page.

  • 2/10: Mydoom-AS a Mass-Mailing Worm
  • 8/20: Rbot-GS Exploits Vulnerabilities
  • 2/24: Agobot-QE a Backdoor Trojan & Worm
  • Group Revises Anti-Piracy License Terms
  • 6/11: W32/Zafi-B Sets Registry Entry
  • Author of Zafi-B Worm Trailed to Hungary
  • 2/25: Looked-C Worm Downloads File
  • More Fortification For Code
  • 2/11: Rbot-VT Worm Has Backdoor Ability
  • 11/29: QLowZones-2 Modifies IE Settings
  • A Jump on Security Advisories (For a Fee)
  • Buy Security Camera