Threat Encyclopedia

Selected viruses, spyware, and other threats: sorted alphabetically

Win32/Gootkit.C

Aliases:Trojan-Ransom.Win32.XBlocker.zr (Kaspersky), TrojanDownloader:Win32/Otlard.C (Microsoft), Generic.dx!sra (McAfee) 
Type of infiltration:Trojan  
Size:290304 B 
Affected platforms:Microsoft Windows 
Signature database version:5119 (20100516) 

Short description

Win32/Gootkit.C is a trojan that installs Win32.Conficker.AX malware.

Installation

When executed, the trojan creates the following files:
  • %system%qqqqqqqq.vmx (212438 B, Win32/Conficker.AX)
The trojan creates and runs a new thread with its own program code within the following processes:
  • svchost.exe

Other information

The trojan contains a list of (2) URLs. It tries to download several files from the addresses. The HTTP protocol is used.

These are stored in the following locations:
  • %currentfolder%a.exe
  • %currentfolder%b.exe
The files are then executed.