Trojan.Downloader.3069.A (TR/Dldr.Agent.3069, Troj/Agent-EL, Trojan.Downloader.3069, TROJ_AGENT.GC)
SYMPTOMS: Presence of the following entries in the registry:
For registry key HKCR\CLSID\{288C5F13-7E52-4ADA-A32E-F5BF9D125F99}, the subkey InProcServer32\(Default) will be set to the full path to the trojan. For example, one can have HKCR\CLSID\{288C5F13-7E52-4ADA-A32E-F5BF9D125F99}\InProcServer32\(Default) = %Windir%\System32\aaa.dll, where aaa.dll is Trojan.Downloader.3069.A.
NOTE:
TECHNICAL DESCRIPTION: Trojan.Downloader.3069.A is an adware-related DLL. To install on the victim's computer, it must be called from another application (such as adware). When called for the first time, it registers itself as a COM object by creating the following registry entries:
Trojan.Downloader.3069.A can download (on behalf of the application calling it) files from specific URLs via HTTP on port 80. After a file is downloaded, it is executed on the client's machine. As such, an application (usually adware) can download and execute other malware on the client machine by using this trojan.
Removal instructions: Please boot your machine in Safe Mode and perform the following:
1. Check the following registry entry (by using regedit or any registry editing utility):
Please delete that file.
2. Delete the following registry entries (by using regedit or any registry editing utility):
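The registry symptom described under SYMPTOMS can be checked read-only from PowerShell before anything is deleted. This is an added example, not part of the original write-up; it goes beyond the single HKCR path shown there by querying the underlying hives, and the hive list and the System32-to-SysWOW64 mapping are assumptions of the example. Only the CLSID is taken from the page.

```powershell
# Added example: read-only check for the COM registration described on this page.
# Only the CLSID is taken from the page; the DLL name varies per infection.
$clsid = '{288C5F13-7E52-4ADA-A32E-F5BF9D125F99}'

# HKCR is a merged view. Query the underlying hives, including the 32-bit
# view (WOW6432Node) where a 32-bit DLL registers on 64-bit Windows.
$roots = @(
    'Registry::HKEY_LOCAL_MACHINE\Software\Classes\CLSID',
    'Registry::HKEY_LOCAL_MACHINE\Software\Classes\WOW6432Node\CLSID',
    'Registry::HKEY_CURRENT_USER\Software\Classes\CLSID'
)

function Get-ClsidServer {
    param([string[]]$Roots, [string]$Clsid)
    foreach ($root in $Roots) {
        $key = "$root\$Clsid\InProcServer32"
        if (-not (Test-Path -LiteralPath $key)) { continue }

        # '' selects the (Default) value; expand variables such as %Windir%.
        $raw = (Get-Item -LiteralPath $key).GetValue('')
        $dll = [Environment]::ExpandEnvironmentVariables([string]$raw).Trim('"')

        # From a 64-bit shell, a 32-bit registration that names System32 is
        # really served from SysWOW64 because of file system redirection.
        if ([Environment]::Is64BitProcess -and $key -like '*WOW6432Node*') {
            $dll = $dll -ireplace '\\System32\\', '\SysWOW64\'
        }

        $exists = [bool]$dll -and (Test-Path -LiteralPath $dll -PathType Leaf)
        [pscustomobject]@{
            RegistryKey = $key
            DllPath     = $dll
            FileExists  = $exists
            SHA256      = if ($exists) { (Get-FileHash -LiteralPath $dll -Algorithm SHA256).Hash }
            Signature   = if ($exists) { (Get-AuthenticodeSignature -LiteralPath $dll).Status }
        }
    }
}

$findings = @(Get-ClsidServer -Roots $roots -Clsid $clsid)
if ($findings.Count -eq 0) {
    "No InProcServer32 registration found for $clsid"
} else {
    $findings | Format-List
}
```

Recording the reported DLL path and SHA256 before removal keeps a trace of which file the registration pointed to.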
ANALYZED BY: Dan Lutas, virus researcher