Infostealer.Daonol Reborn as Devastating Daonolfix Trojan
Are you familiar with the Infostealer.Daonol Trojan? If so, you may know that user reports previously equated Infostealer.Daonol with a new version of Conficker. That sounds scary, given how Conficker infected millions of computers around the world.
Computer security news sources are reporting that a relatively new Trojan named Daonolfix, which spreads on forums, could potentially be devastating to a multitude of computers.
Daonolfix belongs to the Win32/Daonol or Infostealer.Daonol family of Trojans and spreads quickly through networks and the Internet. From the affected computer, it is able to control network traffic, steal FTP credentials, prevent access to security Web sites, disable access to system programs and redirect Internet searches to websites which host other viruses.
Daonolfix has not been this active for a while, but it has resurfaced, which can slow network traffic and corrupt a user's data during FTP transmission. The Trojan is able to evade anti-virus software without being detected by copying itself. When the anti-virus software fails, Daonolfix pulls in more malicious scripts and badware from the web, thus making the affected machine prone to other attacks.
Daonolfix saves to the "%System%\sqlsodbc.chm" file, overwriting the original "%System%\sqlsodbc.chm" file. The Trojan may also try to download files onto the vulnerable computer. When executed, the Trojan copies itself to the following location: "%CurrentFolder%\[PARENT FOLDER]\[8 RANDOM CHARACTERS].[3 CHARACTERS]". "[PARENT FOLDER]" denotes the folder one level higher in the file system tree. For instance, if the original threat executable is "%SystemDrive%\Documents and Settings\Administrator\[ORIGINAL FILE NAME].exe", it will copy itself to "%SystemDrive%\Documents and Settings\[8 RANDOM CHARACTERS].[3 CHARACTERS]". The Trojan will try to delete itself if a URL that includes the DaonolFix string is accessed.
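The two file-system artifacts described above can be checked during triage of a suspect machine. The following Python is an added example, not code from the original article or from any vendor tool; it assumes that a genuine sqlsodbc.chm begins with the CHM signature "ITSF" while an overwritten copy does not, and that the random characters in the copied file name are alphanumeric. The paths and directory listing are constructed samples.

```python
import re
from pathlib import PureWindowsPath

# A genuine compiled HTML Help (.chm) file begins with the ASCII signature "ITSF".
CHM_MAGIC = b"ITSF"

# [8 RANDOM CHARACTERS].[3 CHARACTERS]; the alphanumeric alphabet is an assumption.
DROP_NAME = re.compile(r"[A-Za-z0-9]{8}\.[A-Za-z0-9]{3}")


def chm_overwritten(head: bytes) -> bool:
    """True when the first bytes read from sqlsodbc.chm are not a CHM header."""
    return not head.startswith(CHM_MAGIC)


def drop_folder(original_exe: str) -> PureWindowsPath:
    """Folder one level above the folder that held the executed file."""
    return PureWindowsPath(original_exe).parent.parent


def candidate_copies(original_exe: str, listing: list[str]) -> list[str]:
    """Entries that sit directly in the drop folder and fit the 8.3 name pattern.

    The pattern also fits many legitimate files, so hits are leads to review
    (timestamps, signatures, hashes), not verdicts.
    """
    folder = drop_folder(original_exe)
    hits = []
    for entry in listing:
        path = PureWindowsPath(entry)
        # PureWindowsPath compares case-insensitively, like the Windows file system.
        if path.parent == folder and DROP_NAME.fullmatch(path.name):
            hits.append(str(path))
    return hits


# Constructed sample input: where the suspect executable ran, and a file listing.
ORIGINAL = r"C:\Documents and Settings\Administrator\sample.exe"
LISTING = [
    r"C:\Documents and Settings\k3x9q2ab.tmp",
    r"C:\Documents and Settings\desktop.ini",
    r"C:\Documents and Settings\Administrator\ntuser12.dat",
    r"c:\documents and settings\AB12CD34.dat",
]

if __name__ == "__main__":
    print("sqlsodbc.chm overwritten:", chm_overwritten(b"\x00\x01\x02\x03"))
    for hit in candidate_copies(ORIGINAL, LISTING):
        print("review:", hit)
```

On a live system, pass the first four bytes of "%System%\sqlsodbc.chm" to chm_overwritten and a real directory listing to candidate_copies.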
The Daonolfix Trojan is difficult to remove because it recreates itself when deleted by standard anti-virus software. To guard against the Daonolfix Trojan, users are advised to use a firewall to prevent access to or infiltration of their system.