Virus Profile: Bredolab.gen.a

Virus Profile information details
Risk Assessment: Home Low-Profiled | Corporate Low-Profiled
Date Discovered: 8/20/2009
Date Added: 8/20/2009
Origin: N/A
Length: N/A
Type: Trojan
Subtype: Generic
DAT Required: 5715
Description

--Update on October 28, 2009--

The risk assessment of this threat has been updated to Low-Profiled due to media attention at:

http://www.eweek.com/c/a/Security/Facebook-Password-Spam-Conceals-Malware-Attack-635899/

Indication of Infection

Existence of the files and Registry keys mentioned in this profile.

Methods of Infection

Trojans do not self-replicate. They are spread manually, often under the premise that the executable is something beneficial. Distribution channels include IRC, peer-to-peer networks, newsgroup postings, email spam, etc.
   

Virus Characteristics

Upon execution, Bredolab.gen.a copies itself to the following location:

C:\Documents and Settings\%user%\Start Menu\Programs\Startup\isqsys32.exe

It then deletes the original copy from which it was run.

It contacts the following domain(s):

mms*****system.ru
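The Startup-folder copy is the one concrete file indicator this profile gives, so a triage routine can sort a host's file listing around it. The following is an added example, not McAfee's tooling: it takes a list of paths (a constructed sample is embedded) and separates the exact indicator from same-name files elsewhere and from other executables in a Startup folder. The profile lists no registry key, so none is checked.

```python
import re
from pathlib import PureWindowsPath

# File name and Startup-folder location reported in the profile.
DROPPER_NAME = "isqsys32.exe"

# Per-user Startup folder on the Windows 2000/XP layout used in the profile.
STARTUP_DIR_RE = re.compile(
    r"^[a-z]:\\documents and settings\\(?P<user>[^\\]+)\\start menu\\programs\\startup$",
    re.IGNORECASE,
)


def triage_paths(paths):
    """Sort file paths into three buckets for the analyst.

    ioc:         isqsys32.exe inside a per-user Startup folder (the profile's indicator)
    name_only:   isqsys32.exe anywhere else (same name, different location)
    startup_exe: other executables in a Startup folder, listed for context only
    """
    result = {"ioc": [], "name_only": [], "startup_exe": []}
    for raw in paths:
        p = PureWindowsPath(raw)
        name = p.name.lower()
        in_startup = STARTUP_DIR_RE.match(str(p.parent))
        if name == DROPPER_NAME:
            if in_startup:
                result["ioc"].append((in_startup.group("user"), raw))
            else:
                result["name_only"].append(raw)
        elif in_startup and name.endswith(".exe"):
            result["startup_exe"].append(raw)
    return result


# Constructed sample listing for demonstration; not taken from a real host.
SAMPLE_PATHS = [
    r"C:\Documents and Settings\alice\Start Menu\Programs\Startup\isqsys32.exe",
    r"C:\Documents and Settings\Bob\Start Menu\Programs\Startup\ISQSYS32.EXE",
    r"C:\Documents and Settings\alice\Start Menu\Programs\Startup\desktop.ini",
    r"C:\Documents and Settings\All Users\Start Menu\Programs\Startup\updater.exe",
    r"C:\WINDOWS\system32\isqsys32.exe",
]

if __name__ == "__main__":
    for bucket, entries in triage_paths(SAMPLE_PATHS).items():
        print(bucket, entries)
```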


All Users:
Use current engine and DAT files for detection and removal.

Modifications made to the system Registry and/or INI files for the purpose of hooking system startup will be successfully removed when cleaning with the recommended engine and DAT combination (or higher).

Additional Windows ME/XP removal considerations