TROJ_DROPPER.WSD
Posted: August 14, 2012
Threat Metric
The Threat Meter fields that contain a specific value are explained in detail below:
Threat Level: The threat level scale goes from 1 to 10 where 10 is the highest level of severity and 1 is the lowest level of severity. Each specific level is relative to the threat's consistent assessed behaviors collected from SpyHunter's risk assessment model.
Detection Count: The collective number of confirmed and suspected cases of a particular malware threat. The detection count is calculated from infected PCs retrieved from diagnostic and scan log reports generated by SpyHunter.
Volume Count: Similar to the detection count, the Volume Count is specifically based on the number of confirmed and suspected threats infecting systems on a daily basis. High volume counts usually represent a popular threat but may or may not have infected a large number of systems. High detection count threats could lay dormant and have a low volume count. Criteria for Volume Count is relative to a daily detection count.
Trend Path: The Trend Path, utilizing an up arrow, down arrow or equal symbol, represents the level of recent movement of a particular threat. Up arrows represent an increase, down arrows represent a decline and the equal symbol represents no change to a threat's recent movement.
% Impact (Last 7 Days): This demonstrates a 7-day period change in the frequency of a malware threat infecting PCs. The percentage impact correlates directly to the current Trend Path to determine a rise or decline in the percentage.
| Threat Level: | 9/10 |
|---|---|
| Infected PCs: | 7 |
| First Seen: | August 14, 2012 |
| Last Seen: | October 18, 2020 |
| OS(es) Affected: | Windows |
TROJ_DROPPER.WSD is a Trojan that's distributed as a fake Word document-based petition regarding China's treatment of Taiwan in the Olympics. TROJ_DROPPER.WSD's e-mail-distributed files are of minimal consequence if you delete suspicious spam habitually, but if allowed to launch, TROJ_DROPPER.WSD will install the Trojan TROJ_RUGENT.A onto your computer. Because e-mail messages that distribute TROJ_DROPPER.WSD Trojans also display decoy documents and related images during TROJ_DROPPER.WSD's launch, victims may be unaware of TROJ_DROPPER.WSD's attack – which, like TROJ_RUGENT.A itself, doesn't display direct symptoms. Given these facts, SpywareRemove.com malware experts remind all PC users to be cautious around suspicious file sources, including e-mail-distributed files from strangers, and encourage you to use anti-malware software to scan files before opening them.
Turning Political Sympathies Into a Trojan Attack with TROJ_DROPPER.WSD
E-mail messages that distribute TROJ_DROPPER.WSD Trojans are very recognizable because they use Taiwanese political pressure as a social engineering hook to encourage readers to sign a fake petition. These spam messages claim to represent a petition for encouraging the United Kingdom to pressure China into showing greater respect to Tibet, and, to this end, cite both recent and past Olympics events. Additional details supposedly are provided in the attached DOC file. While there is an actual Word document attached to TROJ_DROPPER.WSD's e-mail messages, this DOC is just one of several files that are compressed together. In addition to their decoy, these e-mail messages also launch two separate versions of TROJ_DROPPER.WSD, both of which use a fake SCR extension (an extension reserved for screen savers).
Besides displaying another distraction in the form of a 'Tibetan Olympics' image, TROJ_DROPPER.WSD also installs a Trojan, TROJ_RUGENT.A. TROJ_RUGENT.A's full functions haven't been completely analyzed, although SpywareRemove.com malware experts note that TROJ_DROPPER.WSD shows some characteristics that suggest possible backdoor Trojan or Trojan downloader-related attacks. Since TROJ_DROPPER.WSD deletes itself after its payload is executed, there are minimal signs of the presence of malicious software on the affected computer.
Getting the Drop on a TROJ_DROPPER.WSD Trojan
If you delete TROJ_DROPPER.WSD's distinctive Taiwanese-themed e-mails as soon as they arrive in your mailbox, vectors for infection by TROJ_DROPPER.WSD should remain low to nonexistent. Many anti-malware programs also should be able to detect TROJ_DROPPER.WSD prior to its launch, although the usage of file-packing technology may make this difficult for simplistic anti-malware scanners.
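A pre-launch triage check for the attachment layout described above (a decoy document compressed together with SCR files), as an added example that is not code from SpywareRemove.com or any anti-malware product. It assumes the attachment is a ZIP archive; the member names are constructed, and the double-extension check goes beyond what the page describes.

```python
import io
import zipfile
from pathlib import PurePosixPath

# Extensions Windows runs as programs; .scr is the one named on this page.
EXECUTABLE_EXTS = {".scr", ".exe", ".com", ".pif", ".bat", ".cmd"}
DOCUMENT_EXTS = {".doc", ".docx", ".rtf", ".pdf"}


def triage_archive(data: bytes) -> dict:
    """Classify ZIP members and flag a decoy document shipped with executables."""
    executables, documents, double_ext = [], [], []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            name = PurePosixPath(info.filename.replace("\\", "/")).name
            # Windows ignores trailing dots and spaces, so strip them first.
            suffixes = [s.lower() for s in PurePosixPath(name.rstrip(". ")).suffixes]
            if not suffixes:
                continue
            if suffixes[-1] in EXECUTABLE_EXTS:
                executables.append(name)
                # "name.doc.scr" shows as a document when extensions are hidden.
                if len(suffixes) >= 2 and suffixes[-2] in DOCUMENT_EXTS:
                    double_ext.append(name)
            elif suffixes[-1] in DOCUMENT_EXTS:
                documents.append(name)
    return {
        "executables": executables,
        "documents": documents,
        "double_extension": double_ext,
        "decoy_with_executable": bool(documents and executables),
    }


def build_sample() -> bytes:
    """Constructed sample: one decoy document plus two .scr members."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("petition.doc", b"constructed decoy text")
        zf.writestr("olympics1.scr", b"constructed placeholder, not a real binary")
        zf.writestr("olympics2.doc.scr", b"constructed placeholder, not a real binary")
    return buf.getvalue()


if __name__ == "__main__":
    print(triage_archive(build_sample()))
```

An archive that sets `decoy_with_executable` should be quarantined for a full scan rather than opened.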
Even though it's unnecessary to remove TROJ_DROPPER.WSD from your PC (given that TROJ_DROPPER.WSD is a self-deleting PC threat), TROJ_DROPPER.WSD's payload, TROJ_RUGENT.A, should always be removed as soon as possible after infection. SpywareRemove.com malware experts note that TROJ_RUGENT.A's capabilities can be used to steal personal information, download other forms of malicious software or allow criminals to control your PC through botnets – all of which are not-insignificant security risks.
TROJ_DROPPER.WSD may also be detected as W32/Dorifel.GUS!tr, Mal/Behav-112, Trojan.Win32.Generic.pak!cobra or Trojan-Dropper.Win32.Dorifel.gus.
Technical Details
File System Modifications
The following files were created in the system:
%System%\systimer.exe
File name: %System%\systimer.exe
File type: Executable File
Mime Type: unknown/exe
Group: Malware file