Virus Profile: Multidropper

Threat Search

Virus Profile information details
Risk Assessment:	Home Low \| Corporate Low
Date Discovered:	1/1/0001
Date Added:	7/31/2000
Origin:	Unknown
Length:	N/A
Type:	Trojan
Subtype:	Trojan
DAT Required:	4052
Removal Instructions

Overview
Virus Characteristics
Removal Instructions

Description

This is a trojan detection. Unlike viruses, trojans do not self-replicate. They are spread manually, often under the premise that they are beneficial or wanted. The most common installation methods involve system or security exploitation, and unsuspecting users manually executing unknown programs. Distribution channels include email, malicious or hacked web pages, Internet Relay Chat (IRC), peer-to-peer networks, etc.

Indication of Infection

Detection by VirusScan - indications are not always noticeable.

Methods of Infection

This trojan will directly install to the local system when run. Typically files created or extracted from the original file are placed in standard locations such as the Windows or Windows\system folders and the registry is modified to load the dropped binaries at Windows startup.

Aliases

Trojan.Win32.TrojanRunner.a, Trojan/Runner-A

Related Viruses

Multidropper.c

View Virus Characteristics

Virus Characteristics

Multidropper is a general term for programs designed specifically to install and run trojans. The trojan user generally runs a program called a joiner or binder to combine a trojan and an innocent program(such as a game) together into one program. Multidroppers generally do not have any payload or infectious capabilities on their own; they only install other trojans. Multidroppers are added to the DATs as they are discovered.

Back To Overview View Removal Instructions

All Users :
Script,Batch,Macro and non memory-resident:
Use current engine and DAT files for detection and removal.

PE,Trojan,Internet Worm and memory resident :
Use specified engine and DAT files for detection. To remove, boot to MS-DOS mode or use a boot diskette and use the command line scanner:

SCANPM /ADL /CLEAN /ALL

Additional Windows ME/XP removal considerations

Users should not trust file icons, particularly when receiving files from others via P2P clients, IRC, email or other mediums where users can share files.

AVERT Recommended Updates :

* Office2000 Updates

* Malformed Word Document Could Enable Macro to Run Automatically (Information/Patch )

* scriptlet.typelib/Eyedog vulnerability patch

* Outlook as an email attachment security update

* Exchange 5.5 post SP3 Information Store Patch 5.5.2652.42 - this patch corrects detection issues with GroupShield

For a list of attachments blocked by the Outlook patch and a general FAQ, visit this link .
Additionally, Network Administrators can configure this update using an available tool - visit this link for more information .

It is very common for macro viruses to disable options within Office applications for example in Word, the macro protection warning commonly is disabled. After cleaning macro viruses, ensure that your previously set options are again enabled.