
TrojanDownloader:MSIL/Truado.C

Posted: July 19, 2013

TrojanDownloader:MSIL/Truado.C is a Trojan that enters a vulnerable computer system as a download from a malicious website. TrojanDownloader:MSIL/Truado.C uses the file name 'AdobeUpdater.exe' to dupe an affected PC user into downloading and running it. When installed on the compromised PC, TrojanDownloader:MSIL/Truado.C uses an Adobe Flash icon to dupe the victim into thinking it is a legitimate file and running it. Once the fake Adobe file runs, TrojanDownloader:MSIL/Truado.C displays the dialog box 'Please wait, check for config files.' to make itself look like an Adobe update. In the background, TrojanDownloader:MSIL/Truado.C creates a copy of itself as '%APPDATA%/startme.exe'. TrojanDownloader:MSIL/Truado.C creates a registry entry to ensure that it runs automatically every time the PC user starts the infected computer. TrojanDownloader:MSIL/Truado.C contacts a remote server to receive instructions on how to download other malware threats, which it then downloads and installs.

Technical Details

File System Modifications


The following files were created in the system:



AdobeUpdater.exe
File name: AdobeUpdater.exe
File type: Executable File
Mime Type: unknown/exe

%APPDATA%/startme.exe
File name: %APPDATA%/startme.exe
File type: Executable File
Mime Type: unknown/exe

Registry Modifications

The following Registry values were newly created:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\..{RunKeys}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Adobe Updater = "%APPDATA%/startme.exe"
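
A triage check for the persistence entry listed above, added here as an example and not taken from the original page. It scans collected `reg query` output for the Run value name or the dropped-copy path, including when the path is stored in expanded form or with forward slashes. The sample input, the user name 'alice' and the function names are constructed for illustration.

```python
import ntpath
import re

# Indicators stated on this page.
RUN_VALUE_NAME = "adobe updater"
DROPPED_COPY = r"%appdata%\startme.exe"

# Constructed sample input in `reg query` output layout; not data from a real host.
SAMPLE_REG_QUERY = r"""
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    OneDrive    REG_SZ    "C:\Users\alice\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
    Adobe Updater    REG_SZ    %APPDATA%/startme.exe
    Notes    REG_SZ    C:\Users\alice\AppData\Roaming\startme.exe
"""

VALUE_LINE = re.compile(r"^\s+(?P<name>.+?)\s{2,}REG_(?:EXPAND_)?SZ\s+(?P<data>.*)$")


def normalize(data, appdata):
    """Reduce Run value data to a lower-case executable path, with the
    profile's roaming directory folded back to the %APPDATA% token."""
    data = data.strip()
    if data.startswith('"'):                      # quoted path plus arguments
        path = data[1:].split('"', 1)[0]
    else:                                         # unquoted: cut at first .exe
        m = re.match(r"(.+?\.exe)\b", data, re.I)
        path = m.group(1) if m else data
    path = ntpath.normpath(path).lower()          # also turns "/" into "\"
    root = ntpath.normpath(appdata).lower()
    if path.startswith(root + "\\"):
        path = "%appdata%" + path[len(root):]
    return path


def scan(reg_text, appdata):
    """Return (name, data, reasons) for Run values matching either indicator."""
    hits = []
    for line in reg_text.splitlines():
        m = VALUE_LINE.match(line)
        if not m:
            continue
        reasons = []
        if m["name"].strip().lower() == RUN_VALUE_NAME:
            reasons.append("value name")
        if normalize(m["data"], appdata) == DROPPED_COPY:
            reasons.append("target path")
        if reasons:
            hits.append((m["name"], m["data"], reasons))
    return hits
```

A hit on the target path alone, as with the renamed 'Notes' value in the sample, still warrants review because the value name is trivial to change.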