April 10, 2008


Trojan.Drondog modifies '%System%\userinit.exe' and disables hard disk monitoring programs. The Trojan also downloads additional threats from remote sites.

Files created when the Trojan is executed:
1). %UserProfile%\Local Settings\Temporary Internet Files\[RANDOM FILE NAME].exe

2). %System%\drivers\usbhdd.sys

The Trojan also creates a service named 'usbhdd'. This service disables certain programs that monitor changes to the hard disk.

The Trojan then searches for the system file %System%\userinit.exe and overwrites it with malicious code that downloads other malware from the following remote site.

Systems Affected: All Windows
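
The indicators listed above can be checked against a file and service inventory collected from a host. This is an added example, not part of the original write-up or Symantec's material; the inventory format, function names and sample data are constructed for illustration, and %System% is assumed to resolve to a ...\System32 directory.

```python
import hashlib
import re

# Indicators from the write-up; %System% is assumed to resolve to ...\System32.
DRIVER = r"\system32\drivers\usbhdd.sys"
USERINIT = r"\system32\userinit.exe"
SERVICE = "usbhdd"
# An .exe sitting directly in Temporary Internet Files (not in a cache subfolder).
CACHE_EXE = re.compile(r"\\local settings\\temporary internet files\\[^\\]+\.exe$", re.I)


def triage(files, services, userinit_good_sha256):
    """Return (kind, detail) findings; files maps full path to SHA-256 hex digest."""
    findings, userinit_seen = [], False
    for path, digest in sorted(files.items()):
        low = path.lower()
        if low.endswith(DRIVER):
            findings.append(("driver", path))
        elif CACHE_EXE.search(path):
            findings.append(("cache-exe", path))
        elif low.endswith(USERINIT):
            userinit_seen = True
            if digest.lower() != userinit_good_sha256.lower():
                findings.append(("userinit-modified", path))
    if not userinit_seen:  # an inventory without userinit.exe cannot be cleared
        findings.append(("userinit-missing", ""))
    if any(s.lower() == SERVICE for s in services):
        findings.append(("service", SERVICE))
    return findings


def sha(data):
    return hashlib.sha256(data).hexdigest()


# Constructed sample inventories; digests are of placeholder strings, not real files.
GOOD = sha(b"constructed known-good userinit.exe")
CACHE_DIR = r"C:\Documents and Settings\alice\Local Settings\Temporary Internet Files"
INFECTED = {
    r"C:\WINDOWS\system32\userinit.exe": sha(b"constructed overwritten userinit.exe"),
    r"C:\WINDOWS\system32\drivers\usbhdd.sys": sha(b"constructed driver"),
    CACHE_DIR + r"\qx7a.exe": sha(b"constructed dropper"),
    CACHE_DIR + r"\Content.IE5\AB12\setup.exe": sha(b"constructed cached download"),
}
CLEAN = {r"C:\WINDOWS\system32\userinit.exe": GOOD}

if __name__ == "__main__":
    for kind, detail in triage(INFECTED, ["Dhcp", "usbhdd"], GOOD):
        print(kind, detail)
```

The known-good digest has to come from a trusted copy of userinit.exe for the same Windows build and service pack, since the file differs between versions.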

How to remove Trojan.Drondog?

Source: Symantec
