The Web    Google
7/28: Downloader-NE.dr a New Trojan

7/28: Downloader-NE.dr a New Trojan
July 28, 2004

Downloader-NE.dr is a downloader dropper trojan packed with FSG and injects a DLL component in to the memory space of the Explorer.exe process.

When executed it drops a copy of itself into the %Sysdir% folder as ECT.EXE. For example: C:\Winnt\System32\ECT.EXE

It also drops a DLL file (ERL.EXE) into the same folder. This DLL file is 5,632 bytes in size. This DLL file is injected into the shell process of EXPLORER.EXE.

The following registry keys are created:

Ru11n "wid2.exe" = %Sysdir%\ECT.EXE
Ru11n "wid2.exe" = %Sysdir%\ECT.EXE

This trojan will attempt to download and run a script from a Russian web site.

More information is at McAfee page.

  • 5/3: Kelvir-AM Worm Spreads Via IM
  • Network-1 Offers Centralized Policy Control For Distributed Firewalls
  • Cobalt RaQ 4 Security Flaw Detected
  • 4/12: Mytob-AR Yet Another Variant
  • Citadel's Latest Automates W2K3 Vulnerability Remediation
  • Author of Zafi-B Worm Trailed to Hungary
  • Secure Your Network Against Viruses, Spam
  • 8/17: Mydoom-T Copies Itself in Emails
  • New China Security Fragments Wi-Fi Future
  • 10/12: Forbot-BD Runs in Background
  • 7/8: BackDoor-BDJ Written in MSVC
  • Computer security background information