| Virus Information |
| Profile | Prevalence: Medium |
| Name | Trojan.Bredolab.BR |
| Type | Trojan Dropper |
| How it spreads | Spreads via e-mail and infected documents |
| Affected operating systems | Windows® operating systems |
| Aliases | Generic Dropper.lr, Packed.Win32.Krap.x, 32/Bredolab.T.gen!Eldorado |
| Date of surface | May 14 2010 12:00AM |
Description
Symptoms
- Unusual processes might appear in Task Manager.
- Possible fake warnings regarding alleged computer infections may be displayed.
Description
This Trojan belongs to the Bredolab family of malware. Trojan.Bredolab.BR differs from its older variants in its behavior: it has limited functionality and only downloads other malware components to the infected computer. Unlike other variants of the Bredolab family, it does not modify any processes.
Though the Trojan is relatively small in terms of the size of its code, the code itself is hidden by a sophisticated custom-packed protection mechanism. This makes it difficult for standard antivirus and malware-detection programs to detect this Trojan on an infected computer.
The Trojan file has a deceptive, harmless-looking document icon. When executed, it unpacks its code. It then tries to connect to various remote IP addresses over HTTP, and downloads and executes other malicious software, such as fake antispyware scanners and fake antivirus software.
As already mentioned, this particular variant will do virtually nothing with the exception of downloading other infected files.
Recovery
To remove the Trojan, please follow any of these methods.
Method 1: The latest antivirus update of eScan removes the Trojan from your computer. Ensure that your computer is connected to the Internet. On the taskbar, in the notification area, right-click the red eScan icon, and then click Update now. The latest updates will be downloaded to your computer. You can then scan your computer to remove the Trojan.
Method 2: Download the free MicroWorld Antivirus toolkit (MWAV toolkit), and then run it on your computer. This toolkit checks your computer, system registry, and running processes for viruses, illegal dialers, or sniffer tools and then detects them.
You can download the MWAV toolkit from the MicroWorld Web site.
Method 3: MicroWorld’s eScan Internet Security Suite (ISS) product has a real-time monitor that detects viruses in the system registry and running processes.
To download and install this product, click here.