|Typical Symptoms|Creates file|
|Discovered|[Korea] 2008-08-08|
|Scan engine needed|2008-08-08 [Able to detect & repair]|
Trojan.Win32.Downloader.32768.BW does not spread by itself; it is downloaded from a hacked site or delivered by other malicious code such as spyware, adware, or a dropper.
1) Once executed, it modifies registry policy values to block the use of taskmgr.exe.
[PIC 2] DisableTaskMgr
2) It copies itself into the System32 folder under the name winds32.exe and modifies the registry so that the copy will be executed.
[PIC 2] Copy itself
[PIC 4] Create executable registry
3) It tries to access the Internet to download malicious code, but the target sites are currently blocked and cannot be reached.
[PIC 4] Access try
[PIC 5] Access denied
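
A host check for the three behaviours listed above, as an added example that is not part of the original write-up or of ViRobot's tooling. The registry paths (Policies\System and the Run keys) are assumed standard Windows locations; the page itself names only DisableTaskMgr and winds32.exe.

```powershell
# Added triage sketch, not vendor code. Only "DisableTaskMgr" and "winds32.exe"
# come from the description; the key paths are the standard Windows locations
# and are assumptions about where this sample writes.
$findings = @()

# 1) Task Manager disabled by policy (DisableTaskMgr = 1)
$policyKeys = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System',
              'HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\System'
foreach ($key in $policyKeys) {
    $prop = Get-ItemProperty -Path $key -Name 'DisableTaskMgr' -ErrorAction SilentlyContinue
    if ($prop -and $prop.DisableTaskMgr -eq 1) {
        $findings += [pscustomobject]@{ Check = 'DisableTaskMgr'; Location = $key; Detail = 'value is 1' }
    }
}

# 2) Copy named winds32.exe. SysWOW64 is included because a 32-bit process
#    writing to System32 on 64-bit Windows is redirected there.
foreach ($dir in 'System32', 'SysWOW64') {
    $path = Join-Path $env:SystemRoot "$dir\winds32.exe"
    if (Test-Path -LiteralPath $path) {
        $hash = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
        $findings += [pscustomobject]@{ Check = 'Dropped file'; Location = $path; Detail = "SHA256 $hash" }
    }
}

# 3) Autostart values that reference winds32.exe (Run keys assumed)
$runKeys = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run'
foreach ($key in $runKeys) {
    $item = Get-Item -Path $key -ErrorAction SilentlyContinue
    if (-not $item) { continue }
    foreach ($name in $item.GetValueNames()) {
        $value = [string]$item.GetValue($name)
        if ($value -match 'winds32\.exe') {
            $findings += [pscustomobject]@{ Check = 'Autostart'; Location = "$key\$name"; Detail = $value }
        }
    }
}

if ($findings) { $findings | Format-Table -AutoSize -Wrap }
else { 'No indicators from this description were found.' }
```

A file named winds32.exe alone is not proof of this variant; compare the reported hash against your scanner's verdict before removing anything.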
[How to repair]
Reparable by ViRobot engine ver.2011-08-08.01 or above.