TrojanDownloader:Win32/Vundo.J

By Domesticus in Trojans | 38 views

TrojanDownloader:Win32/Vundo.J Description

TrojanDownloader:Win32/Vundo.J is a Trojan downloader that may drop and execute arbitrary files on the compromised PC.
TrojanDownloader:Win32/Vundo.J belongs to the Win32/Vundo family, a multiple-component family of applications that display ‘out of context’ pop-up advertisements. When installed on the affected PC, TrojanDownloader:Win32/Vundo.J makes system changes by adding registry entries and malicious files. It arrives on the victim's computer as an executable file with a random name, whose icon and version information vary between samples. TrojanDownloader:Win32/Vundo.J runs for the first time when that executable file is opened or run. As part of installing itself on the compromised PC, it relies on specific version information, which appears in Windows Explorer in the Tiles view. It may use names such as Symantec Shared Component, ESET Smart Security and Borland Remote Debugging Server as a form of social engineering to get the victim to open or run the .exe file. The icons it uses have been copied by the attackers from genuine software.

Type: Trojans

TrojanDownloader:Win32/Vundo.J Removal Details

TrojanDownloader:Win32/Vundo.J typically has the following processes in memory:

  • A0052127.exe
  • TXT.exe
  • Dc13.exe

TrojanDownloader:Win32/Vundo.J creates the following registry entries:

  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows = “AppInit_DLLs” = “\.dll”
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows = “AppInit_DLLs” = “%SystemRoot%\system32\.dll”
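The registry entries above use the AppInit_DLLs value, which Windows reads to load the listed DLLs into processes that load user32.dll. The following read-only PowerShell audit is an added example, not part of the original entry or any vendor tool: it lists every DLL named in that value, in both registry views, with its Authenticode signature status. It assumes the value is a space- or comma-delimited list and that bare file names resolve to the system directory of the matching view.

```powershell
# Added example: audit the AppInit_DLLs autoload value named above.
# Read-only; run from an elevated PowerShell prompt on the host being checked.

$keys = @(
    'HKLM:\Software\Microsoft\Windows NT\CurrentVersion\Windows',             # native view
    'HKLM:\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows'  # 32-bit view on 64-bit Windows
)

$findings = foreach ($key in $keys) {
    if (-not (Test-Path -LiteralPath $key)) { continue }
    $props = Get-ItemProperty -LiteralPath $key

    # Assumption: bare names load from the system directory of the matching view.
    $sysDir = if ($key -like '*Wow6432Node*') { 'SysWOW64' } else { 'System32' }

    # AppInit_DLLs is a space- or comma-delimited list; it is empty by default.
    $raw  = [string]$props.AppInit_DLLs
    $dlls = $raw -split '[ ,]+' | Where-Object { $_ }

    foreach ($dll in $dlls) {
        # Expand %SystemRoot% and similar variables before touching the file.
        $path = [Environment]::ExpandEnvironmentVariables($dll)
        if (-not [IO.Path]::IsPathRooted($path)) {
            $path = Join-Path $env:SystemRoot (Join-Path $sysDir $path)
        }

        $exists = Test-Path -LiteralPath $path -PathType Leaf
        $sig    = if ($exists) { Get-AuthenticodeSignature -LiteralPath $path } else { $null }

        [pscustomobject]@{
            Key            = $key
            Entry          = $dll
            ResolvedPath   = $path
            Exists         = $exists
            SignatureState = if ($sig) { $sig.Status } else { 'FileMissing' }
            Signer         = if ($sig -and $sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
            LoadEnabled    = $props.LoadAppInit_DLLs           # 1 = the list is honoured
            RequireSigned  = $props.RequireSignedAppInit_DLLs  # 1 = unsigned DLLs are skipped
        }
    }
}

if ($findings) { $findings | Format-List }
else { 'AppInit_DLLs is empty in every registry view checked.' }
```

Any entry that is unsigned, missing on disk, or has a random-looking file name under the system directory deserves a closer look, since legitimate software rarely sets this value.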

This entry was last updated on 10/26/12 and posted on 10/26/12.
Copyright 2003-2012. Enigma Software Group USA, LLC. All Rights Reserved.