Threat Encyclopedia


Win32/Gootkit.B

Aliases: Backdoor.Win32.ZZSlash.ddg (Kaspersky), W32.Downadup.B (Symantec), TrojanDropper:Win32/Otlard.C (Microsoft)
Type of infiltration: Trojan
Size: 349184 B
Affected platforms: Microsoft Windows
Signature database version: 5109 (20100512)

Short description

Win32/Gootkit.B is a trojan that installs Win32/Conficker.AW malware. The file is run-time compressed using UPX.

Installation

When executed, the trojan creates the following files:
  • %system%\qqqqqqqq.vmx (224214 B, Win32/Conficker.AW)
The trojan creates and runs a new thread with its own program code within the following processes:
  • svchost.exe

Other information

The trojan contains a list of 2 URLs. It tries to download several files from these addresses using the HTTP protocol.

The downloaded files are stored in the following locations:
  • %currentfolder%\a.exe
  • %currentfolder%\b.exe
The files are then executed.