virus logo Virus

W32/Groan!tr.bdr

description-logoAnalysis

  • Creates an event object named E8dK894Lm9#sF2i$sOBq2X.

  • Drops the following file:
    • undefinedSYSTEMundefined\wincom32.sys - detected by Fortinet as W32/Groan!tr.rkit.

  • Registers wincom32.sys  as a kernel service named wincom32.

  • Attempts to invoke the wincom32  service to protect itself.

  • Reboots the system after execution.

    • recommended-action-logoRecommended Action

      FortiGate Systems
    • Check the main screen using the web interface for your FortiGate unit to ensure that the latest AV/NIDS database has been downloaded and installed on your system - if required, enable the "Allow Push Update" option.

    Telemetry logoTelemetry

    ID 326311
    Released Jan 19, 2007
    Description
    Updated    		 Jan 24, 2007
    Aliases Trojan-Downloader.Win32.Agent.bet, Downloader-BAI trojan, TROJ_SMALL.EDW, W32/Downloader.AYEN
    Platform Profile Win32 file format / PE 32 bit
    Profile Type Trojan Backdoor (tr.bdr)