
Troj/DwnLdr-KLB

Posted: December 20, 2012

Threat Metric

Threat Level: 1/10
Infected PCs: 105
First Seen: December 20, 2012
Last Seen: July 23, 2020
OS(es) Affected: Windows

Troj/DwnLdr-KLB is a Trojan downloader that's designed to contact a remote server and, from it, download other forms of malware that can be used in additional attacks against your computer. Currently, Troj/DwnLdr-KLB attacks are associated with a variant of WM97/ExeDrop-G, a macro-abusing spreadsheet that exploits the macro feature of Windows Office to install other malicious software. Known versions of WM97/ExeDrop-G include both a Sudoku generator and a sermon about the Mayan apocalypse, and SpywareRemove.com malware experts strongly discourage enabling macros for suspicious documents. Fortunately, modern versions of Windows disable macros by default, but if your PC is exposed to Troj/DwnLdr-KLB, you should use anti-malware programs to remove Troj/DwnLdr-KLB, WM97/ExeDrop-G and any other related malware from your computer.

Troj/DwnLdr-KLB: A Backup Attack for When Sudoku Fails to Get the Job Done

Troj/DwnLdr-KLB operates very similarly to another WM97/ExeDrop-G-distributed Trojan, Troj/DwnLdr-KLI. In either case, the victim downloads and launches WM97/ExeDrop-G under the assumption that WM97/ExeDrop-G is safe content, and WM97/ExeDrop-G then uses the macro feature (which must be enabled before its content is displayed) to install either Troj/DwnLdr-KLB or Troj/DwnLdr-KLI. Previously, SpywareRemove.com malware experts took note of variants of WM97/ExeDrop-G that were disguised as Sudoku games, but the version of WM97/ExeDrop-G that installs Troj/DwnLdr-KLB is disguised as something entirely different: a preacher's blog post about the Mayan prophecy of the supposedly upcoming end of the world.

Unlike the relatively clever Sudoku variant of WM97/ExeDrop-G, this new version of WM97/ExeDrop-G doesn't provide tips on how to enable macros (which, as of an old Windows patch, have been disabled by default), nor does WM97/ExeDrop-G provide any reason why you'd need to enable macros to view its content. However, if you do make the mistake of trustingly enabling macros, Troj/DwnLdr-KLB will be installed and will contact a remote server, thereby allowing Troj/DwnLdr-KLB to install other threats (or be configured for different types of attacks).

Why a Stalled Troj/DwnLdr-KLB Assault Shouldn't Set Your Mind at Ease

Due to the strong similarity between Troj/DwnLdr-KLB and similar PC threats, many PC security experts have speculated that the delivery systems are semi-automated as opposed to being individually designed. As a result, SpywareRemove.com malware experts expect to see many more macro-based Trojan attacks like Troj/DwnLdr-KLB's own in the future. Naturally, the safest thing you can do to protect your PC from Troj/DwnLdr-KLB is never to enable macros for files that you've acquired from suspicious sources.

On the bright side, the server that appears to offer Troj/DwnLdr-KLB's current payload is, at this time, failing to respond to Troj/DwnLdr-KLB's queries. This makes it unlikely that Troj/DwnLdr-KLB will be able to harm your PC if you remove Troj/DwnLdr-KLB with anti-malware software as quickly as possible. However, since these circumstances may change at any time, SpywareRemove.com malware experts certainly don't recommend that you ignore any possible Troj/DwnLdr-KLB infection on your computer.

Technical Details

File System Modifications

Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.

The following files were created in the system:

File name: Copy of Adupdate.exe
Size: 89.6 KB (89600 bytes)
MD5: 0581bb6c841830e1a9814aa99281eaed
Detection count: 15
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
Last Updated: January 7, 2013

File name: c02f84476f726133ed548dadea84970f.virus
Size: 106.49 KB (106496 bytes)
MD5: c02f84476f726133ed548dadea84970f
Detection count: 13
Mime Type: unknown/virus
Group: Malware file
Last Updated: January 7, 2013

File name: VBA[X].exe
File type: Executable File
Mime Type: unknown/exe
Group: Malware file

File name: Wmupdate.exe
File type: Executable File
Mime Type: unknown/exe
Group: Malware file
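
A sweep of a directory tree for the file names and MD5 hashes listed above, as an added example (not code from SpywareRemove.com or any anti-malware vendor). The function names `scan` and `md5_of` are assumptions of this example; a hash match is reported as a strong hit and a name-only match as a weak one that needs manual review.

```python
import hashlib
import os

# MD5 values copied from the file list on this page.
KNOWN_MD5 = {
    "0581bb6c841830e1a9814aa99281eaed",  # Copy of Adupdate.exe
    "c02f84476f726133ed548dadea84970f",  # listed as <md5>.virus
}
# Names are compared literally and case-insensitively. The page does not say
# what "[X]" in VBA[X].exe stands for, so it is not expanded here.
KNOWN_NAMES = {"copy of adupdate.exe", "vba[x].exe", "wmupdate.exe"}


def md5_of(path, chunk_size=1 << 20):
    """Hash a file in chunks so large files do not need to fit in memory."""
    digest = hashlib.md5()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def scan(root, md5s=KNOWN_MD5, names=KNOWN_NAMES):
    """Return (path, reason) pairs; a hash match outranks a name match."""
    findings = []
    for folder, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(folder, name)
            try:
                file_hash = md5_of(path)
            except OSError:
                # Locked or unreadable file: a name-only hit is still reported.
                file_hash = None
            if file_hash in md5s:
                findings.append((path, "md5"))
            elif name.lower() in names:
                findings.append((path, "name-only"))
    return findings


if __name__ == "__main__":
    import sys
    for hit_path, reason in scan(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"{reason:9} {hit_path}")
```

Because a renamed copy keeps its hash, the "md5" result catches files that the name list would miss, while a "name-only" result can also be a legitimate program that happens to share a name.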