Trojan.Downloader

Trojan.Downloader Description



Trojan.Downloader is a label used to identify Trojans whose primary purpose is downloading other files onto your computer, usually without your permission. However, Trojan.Downloader variants may also have other functions, such as launching the files they download, installing PC threats or even disabling your computer’s security. Since a Trojan.Downloader infection is as dangerous as the files that it downloads, and since these can include highly invasive PC threats like rootkits and spyware, SpywareRemove.com malware analysts discourage attempts to ignore Trojan.Downloader or to remove it without help from anti-malware products. Symptoms of a Trojan.Downloader attack may not be very visible, although, in most cases, Trojan.Downloader will make some kind of visible change to your firewall or network settings.

Deadly Downloads from a Downloader That’s Happy to Avoid Asking for Permission


Trojan.Downloader shares a somewhat overlapping definition with Trojan.Dropper, since both are used to download and install other types of harmful files on an infected PC. Trojan.Downloader is distinguished from Trojan.Dropper in that Trojan.Downloader typically refers to an active component of a multi-component infection, while the Trojan.Dropper label is often reserved for separate Trojans that install an independent PC threat without coordinating their actions further. A Trojan.Dropper will often try to disguise itself as a desirable file or program and will install an enclosed PC threat, while Trojan.Downloader will commonly attempt to conceal its presence altogether while it downloads PC threats from remote servers. However, the two terms are sometimes used in a semi-interchangeable fashion.

Typical behavior from Trojan.Downloader that SpywareRemove.com malware experts have noted includes:
  • Attempts to bypass the local firewall and other types of network security. Trojan.Downloader may do this by creating visible setting changes (such as by adding its program to your Windows Firewall’s list of exceptions), although this is not always the case.
  • Contact with remote servers that host the files that Trojan.Downloader is instructed to download (and, typically, install). In some cases, Trojan.Downloader may also be configured to send out information – such as information that identifies your PC for further attacks.
  • The installation of other PC threats. This often includes rogue security programs, browser-redirecting Trojans and spyware. However, the SpywareRemove.com malware research team also notes that Trojan.Downloader can be told to download other components for an attack that aren’t considered to be independent PC threats in and of themselves.

How to Find Trojan.Downloader Before Its Payload Makes You Pay


Variants of Trojan.Downloader may appear as separate files or may be injected into normal Windows files. You may be able to notice Trojan.Downloader by its unusual usage of RAM and other system resources, which can be observed in Task Manager regardless of whether Trojan.Downloader is using an independent memory process or riding on the back of a native process. However, you shouldn’t attempt to remove Trojan.Downloader without an appropriate anti-malware program, since many variants of Trojan.Downloader possess self-defensive functions and since Trojan.Downloader will often come with other PC threats.

Examples of widely distributed types of Trojan.Downloader-based PC threats include Trojan-Downloader.Win32.Banload.bqmv, Trojan-Downloader.Win32.VB.aoff, Win-Trojan/Downloader.141317, Trojan-Downloader.Win32.Bancos and Trojan-Downloader.Apher. SpywareRemove.com malware analysts also noted pointedly that many of these Trojan.Downloader examples pull double duty as banking Trojans, an example of the multiple levels of functionality that are common to many types of Trojans.

Aliases


  • Trojan-Downloader.Win32.Delf.ain [VBA32]
  • Trojan-Downloader/W32.Small.152912 [nProtect]
  • Win32.Banker [eSafe]
  • Trojan.Downloader-34408 [ClamAV]
  • Mal/EncPk-DG [Sophos]
  • W32/PolySmall.BP!tr [Fortinet]
  • Adware.Agent.DASF [VirusBuster]
  • Adware/Agent.lv [TheHacker]
  • Hacktool [Symantec]
  • Trojan.Win32.Agent.lv [Sunbelt]







Technical Details

File System Modifications

Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.
  • The following files were created in the system:
    # File Name Detection Count
    1 jkkjigf.dll 672
    2 ss245sd.exe 630
    3 spoolc.exe 548
    4 qiawpbjj.exe 410
    5 Gwang.exe 403
    6 __c00C0CD.dat 293
    7 glwlnvmc.dll 262
    8 tool4.exe 241
    9 ljjgffc.dll 227
    10 mspoolg.dll 169


Registry Modifications

Tutorial: To edit and delete registry entries manually, read the tutorial on how to remove malicious registry entries.

Tip & Warning: Editing and removing the wrong registry keys can severely damage your PC, so remember to back up your Windows Registry! To optimize your Windows Registry and speed up your PC, download RegHunter's registry cleaner.
  • The following newly produced Registry Values are:
    HKEY..\..\{Value}
    SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler, value: {2C1CD3D7-86AC-4068-93BC-A02304B25319}
    SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCE, value: Update Checker
    SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCE, value: msconfig
    SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCEEX, value: Update Checker
    SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCEEX, value: AntiVir
    SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCEEX, value: Windows Update
    SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCEEX, value: msconfig
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\..{RunKeys}02e224b42629165f6887f7006ca5255478f2a0737c970f2d847a8a5890f32b67amb1avlc8347858cicd45a08dadumprepdwhcdglqe4e87defff1482e11692msms0653405-14619plite731pschdprfrktqjqvqvjnacnkj{0D-D4-40-0C-ZN}
  • The following CLSID's were detected:
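
As an added example (not SpywareRemove.com's code), this Python check parses the text of a `.reg` export and reports any value named in the registry list above under SharedTaskScheduler, RunOnce or RunOnceEx. The sample export, its paths and the folding of the Wow6432Node view are assumptions of this example; a name match is a lead to examine, not proof of infection.

```python
import re

# Key path -> value names from this page's registry list (lowercased).
CV = "software\\microsoft\\windows\\currentversion\\"
PAGE_VALUES = {
    CV + "explorer\\sharedtaskscheduler": {"{2c1cd3d7-86ac-4068-93bc-a02304b25319}"},
    CV + "runonce": {"update checker", "msconfig"},
    CV + "runonceex": {"update checker", "antivir", "windows update", "msconfig"},
}
KEY_RE = re.compile(r"^\[(?P<hive>[^\\\]]+)\\(?P<path>.+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>(?:[^"\\]|\\.)*)"=(?P<data>.*)$')

# Constructed sample export; every path and data string in it is made up.
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Update Checker"="C:\\Users\\Public\\constructed1.exe"
"Installer Cleanup"="C:\\Program Files\\Constructed\\cleanup.exe"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnceEx]
"AntiVir"="C:\\Users\\Public\\constructed2.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{2C1CD3D7-86AC-4068-93BC-A02304B25319}"="constructed"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msconfig"="C:\\Users\\Public\\constructed3.exe"
'''

def parse_reg(text):
    """Yield (hive, key_path, value_name, raw_data) from .reg export text."""
    hive = path = None
    for line in text.splitlines():
        line = line.strip()
        key = KEY_RE.match(line)
        if key:
            hive, path = key["hive"], key["path"]
            continue
        val = VALUE_RE.match(line)
        if val and path is not None:
            name = re.sub(r"\\(.)", r"\1", val["name"])  # undo \" and \\ escapes
            yield hive, path, name, val["data"]

def find_listed_values(text):
    """Return (full_key, value_name, raw_data) for values this page lists."""
    hits = []
    for hive, path, name, data in parse_reg(text):
        # Fold the 32-bit registry view onto the native key path.
        norm = path.lower().replace("wow6432node\\", "")
        if name.lower() in PAGE_VALUES.get(norm, ()):
            hits.append((f"{hive}\\{path}", name, data))
    return hits
```

Exports written by regedit are UTF-16, so read the file with `encoding="utf-16"` before passing its text to `find_listed_values`.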
Posted: June 6, 2006 | By
Threat Level: 9/10
Detection Count: 3,722

11 Comments

  • dickmoby says:

    it sucked balls

  • Mumin says:

    Thank you i resolve

  • NANCY says:

    I found this virus on my computer

    trojandownloader:win32/banloader.zac

    Does anyone know how to remove this? I’m really not that good at computer lingo and just need plain, simple instructions.

    Thanks a million

  • Robert says:

    yeah i have the trojan downloader but it doesn't show up in processes uhhh i hate trojan downloader

  • sewradj says:

    i am stuck with an trojan

  • Meaghan says:

    I have a trojan horse downloader.agent2 and i have no idea how to get rid of it. when i click on heal it says that it was interrupted by user so can u help me get rid of it please?
    thanks

  • Susan C says:

    I hope this works…this virus has been bugging me for a while.

  • Dan says:

    I have "Trojan horse Downloader.Generic".
    Does anyone know how to get rid of this??????

  • chris says:

    i have been trying to remove this one: .. trojan-downloader.wma.getcodec.c ….but i can't.. i scanned my pc with kaspersky.. but it doesn't work… i need some help..!!! plz

  • Anan says:

    Username: theresa Date Posted: 2008-10-13 21:46:28

    Comment:
    i have been trying to get this trojan.downloader. Zlob.Gen. I delete this file in registry but still exist. How can i delete it manually. Computer experts Please guide me. Thanks.

  • theresa says:

    i have been trying to get this trojan.downloader. off of my computer for two days now..im getting really frustrated with it because it says when i try to open task manager that it is disabled by the administrator..grrr..someone please help me..before i throw my puter away..thanks theresa…aka wtf do i do…?
