Wednesday, August 24, 2016

Trojan.Mdropper

A Trojan.Mdropper is a type of Trojan whose purpose is to deliver an enclosed payload onto a destination host computer. A dropper is a means to an end rather than the end itself. In other words, the dropper is usually used at the start or in the early stages of a malware attack.

Since March of 2005, certain security software manufacturers have used the detection Trojan.Mdropper to indicate the presence of a specific type of Trojan on an infected computer. These kinds of Trojans can infect versions of Windows going back to Windows 95!

Once this threat is executed, its own code simply loads itself into memory, then extracts the malware payload and writes it to the file system. It may perform any installation procedures and execute the newly dropped malware. The dropper usually ceases to execute at this point, as its primary function has been accomplished.

Trojan.Mdropper creates the following file(s):

1. %UserProfile%\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\settings.sol
2. %Temp%\Word8.0\ShockwaveFlashObjects.exd
3. %Temp%\~WRD0001.doc

Variants include (but are not limited to) Trojan.Mdropper.Z (Symantec), TROJ_MDROPPER.WR (Trend Micro), Trojan.Mdropper.AA (Symantec), TROJ_MDROPPER.MB (Trend Micro), and Trojan.Mdropper.AC (Symantec).

The presence of the following files may also indicate an infection:
ahah.exe
sav.exe
dominoo.exe
inetsyschk.dll
summary on china's 2006 defense white paper.doc
intjnhf.dat
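
The two file lists above can be turned into a quick host sweep. This is an added example, not code from the original post; the function names `resolve` and `sweep` and the choice of search roots are assumptions, and a hit is a lead for a follow-up scan rather than proof of infection.

```python
import os
import re
from pathlib import Path

# Files the post says Trojan.Mdropper creates (Windows variables left unexpanded).
CREATED_PATHS = [
    r"%UserProfile%\Application Data\Macromedia\Flash Player"
    r"\macromedia.com\support\flashplayer\sys\settings.sol",
    r"%Temp%\Word8.0\ShockwaveFlashObjects.exd",
    r"%Temp%\~WRD0001.doc",
]
# File names the post lists as possible signs of infection (no directory given).
SUSPECT_NAMES = {
    "ahah.exe", "sav.exe", "dominoo.exe", "inetsyschk.dll",
    "summary on china's 2006 defense white paper.doc", "intjnhf.dat",
}

def resolve(template, env):
    """Expand the leading %Var% (case-insensitive, like Windows) into a Path."""
    lookup = {k.lower(): v for k, v in env.items()}
    head, *rest = template.split("\\")
    head = re.sub(r"%([^%]+)%",
                  lambda m: lookup.get(m.group(1).lower(), m.group(0)), head)
    return Path(head).joinpath(*rest)

def sweep(env, search_roots):
    """Return (kind, path) hits for the post's indicators."""
    hits = []
    for template in CREATED_PATHS:
        path = resolve(template, env)
        if path.is_file():
            hits.append(("created-path", str(path)))
    for root in search_roots:
        for dirpath, _dirs, files in os.walk(root):
            for name in files:
                # Windows file names are case-insensitive, so compare lowercased.
                if name.lower() in SUSPECT_NAMES:
                    hits.append(("filename", os.path.join(dirpath, name)))
    return hits

if __name__ == "__main__":
    # Assumed search roots: the current user's profile and temp directories.
    roots = [os.environ[v] for v in ("USERPROFILE", "TEMP") if v in os.environ]
    for kind, path in sorted(set(sweep(dict(os.environ), roots))):
        print(f"{kind}\t{path}")
```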
 
This type of threat is used by malware creators to disguise their malware. They create confusion amongst users by making the malicious files look like legitimate Microsoft Word or Excel files. The files may also perform actions that mislead the user into thinking that nothing untoward is happening on the computer when in fact the Trojan may have already dropped and executed other malicious software.

For a fix, Google the complete name of the Mdropper file. Example: Trojan.Mdropper.AA
