Trojan.Downloader

Posted: June 6, 2006
Threat Metric
Threat Level: 9/10
Infected PCs: 8,078

Trojan.Downloader Description

Trojan.Downloader is a label used to identify Trojans whose primary purpose is downloading other files onto your computer – usually without your permission. However, Trojan.Downloader variants may also have other functions, such as launching the files they download, installing PC threats or even disabling your computer's security. Since a Trojan.Downloader infection is as dangerous as the files that it downloads, and since these can include highly invasive PC threats like rootkits and spyware, SpywareRemove.com malware analysts discourage attempts to ignore Trojan.Downloader or to remove it without help from anti-malware products. Symptoms of a Trojan.Downloader attack may not be very visible, although, in most cases, Trojan.Downloader will make some kind of visible changes to your firewall or network settings.

Deadly Downloads from a Downloader That's Happy to Avoid Asking for Permission

Trojan.Downloader shares a somewhat overlapping definition with Trojan.Dropper, since both are used to download and install other types of harmful files on an infected PC. Trojan.Downloader is distinguished from Trojan.Dropper in that the Trojan.Downloader label typically refers to an active component of a multi-component infection, while the Trojan.Dropper label is often reserved for separate Trojans that install an independent PC threat without coordinating their actions further. A Trojan.Dropper will often try to disguise itself as a desirable file or program and will install an enclosed PC threat, while Trojan.Downloader will commonly attempt to conceal its presence altogether while it downloads PC threats from remote servers. However, the two terms are sometimes used in a semi-interchangeable fashion.

Typical behavior from Trojan.Downloader that SpywareRemove.com malware experts have noted includes:

  • Attempts to bypass the local firewall and other types of network security. Trojan.Downloader may do this by creating visible setting changes (such as by adding its program to your Windows Firewall's list of exceptions), although this is not always the case.
  • Contact with remote servers that host the files that Trojan.Downloader is instructed to download (and, typically, install). In some cases, Trojan.Downloader may also be configured to send out information – such as information that identifies your PC for further attacks.
  • The installation of other PC threats. This often includes rogue security programs, browser-redirecting Trojans and spyware. However, the SpywareRemove.com malware research team also notes that Trojan.Downloader can be told to download other components for an attack that aren't considered to be independent PC threats in and of themselves.
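
The firewall-exception behaviour in the first bullet can be checked by auditing which programs hold enabled allow rules. The following is an added example, not SpywareRemove.com's own tooling; the sample rules, the list of user-writable directories and the list of system binary names are assumptions made for illustration.

```python
import ntpath
import re

# Constructed, abridged sample in `netsh advfirewall firewall show rule` layout.
SAMPLE = r"""
Rule Name:                            Core Networking - DNS
Enabled:                              Yes
Program:                              C:\Windows\System32\svchost.exe
Action:                               Allow
Rule Name:                            Updater
Enabled:                              Yes
Program:                              C:\Users\alice\AppData\Local\Temp\upd1.exe
Action:                               Allow
Rule Name:                            Host Service
Enabled:                              Yes
Program:                              C:\Drivers\svchost.exe
Action:                               Allow
"""

# Assumed heuristics, not taken from the page: tune both lists for your estate.
USER_WRITABLE = re.compile(r"\\(temp|appdata|application data)\\", re.I)
SYSTEM_NAMES = {"svchost.exe", "lsass.exe", "services.exe", "explorer.exe"}
SYSTEM_DIR = re.compile(r"^[a-z]:\\windows(\\(system32|syswow64))?\\[^\\]+$", re.I)

def parse_rules(text):
    """Split netsh output into one dict of fields per rule."""
    rules = []
    for line in text.splitlines():
        key, sep, value = line.partition(":")  # paths keep their own colon
        if key.strip() == "Rule Name":
            rules.append({})
        if sep and rules:
            rules[-1][key.strip()] = value.strip()
    return rules

def reason(prog):
    """Return why a program path deserves review, or None if it does not."""
    if USER_WRITABLE.search(prog):
        return "user-writable path"
    if ntpath.basename(prog).lower() in SYSTEM_NAMES and not SYSTEM_DIR.match(prog):
        return "system binary name outside the Windows directory"

def audit(text):
    """List (rule, program, reason) for enabled allow rules worth reviewing."""
    return [(r["Rule Name"], r["Program"], reason(r["Program"]))
            for r in parse_rules(text)
            if r.get("Enabled") == "Yes" and r.get("Action") == "Allow"
            and reason(r.get("Program", ""))]
```

A flagged rule is a lead for review, not proof of infection; legitimate installers also create allow rules for programs under user profiles.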

How to Find Trojan.Downloader Before Its Payload Makes You Pay

Variants of Trojan.Downloader may appear as separate files or they may be injected into normal Windows files. You may be able to notice Trojan.Downloader by its unusual usage of RAM and other system resources, which can be observed from Task Manager – regardless of whether Trojan.Downloader is using an independent memory process or riding on the back of a native process. However, you shouldn't attempt to remove Trojan.Downloader without an appropriate anti-malware program, since many variants of Trojan.Downloader possess self-defensive functions and since Trojan.Downloader will often come with other PC threats.

Examples of widely distributed types of Trojan.Downloader-based PC threats include Trojan-Downloader.Win32.Banload.bqmv, Trojan-Downloader.Win32.VB.aoff, Win-Trojan/Downloader.141317, Trojan-Downloader.Win32.Bancos and Trojan-Downloader.Apher. SpywareRemove.com malware analysts also noted pointedly that many of these Trojan.Downloader examples pull double duty as banking Trojans – an example of the multiple levels of functionality that are common to many types of Trojans.

Aliases


  • Trojan-Downloader.Win32.Delf.ain
  • Trojan-Downloader/W32.Small.152912
  • Win32.Banker [eSafe]
  • Trojan.Downloader-34408 [ClamAV]
  • Mal/EncPk-DG [Sophos]
  • W32/PolySmall.BP!tr [Fortinet]
  • Adware.Agent.DASF
  • Adware/Agent.lv
  • Hacktool [Symantec]
  • Trojan.Win32.Agent.lv [Sunbelt]
  • AppLite [Sophos]
  • AdWare.Win32.Popper.a
  • Medium Risk Virus [Prevx1]
  • Trojan-Clicker.VB.FQ
  • Adware/Popper [Panda]


Technical Details

File System Modifications

Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.

The following files were created in the system:




Registry Modifications


The following Registry values were newly created:

  • CLSID: {c2680e10-1655-4a0e-87f8-4259325a84b7}, {e9306072-417e-43e3-81d5-369490beef7c}
  • Run keys: ms
