Short description

Win32/Daonol.C is a trojan that steals passwords and other sensitive information. The file is run-time compressed using UPX.

Installation

When executed, the trojan creates the following files:

- ..\%currentfolder%\%random1%.%random2%

"..\" denotes the folder one level higher in the file system tree. A string with variable content is used instead of %random1-2%.

In order to be executed on every system start, the trojan sets the following Registry entry:

- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
  "aux2" = "%currentfolder%\..\%random1%.%random2%"

Information stealing

Win32/Daonol.C is a trojan that steals passwords and other sensitive information. The following information is collected:

- FTP accounts data

The data is saved in the following file:

- %system%\sqlsodbc.chm

Other information

The trojan blocks access to any domains that contain any of the following strings in their name:

- Adob
- AVG
- AVPU
- CAUp
- clamav

The trojan hooks the following Windows APIs:

- CreateProcessW [kernel32.dll]
- connect [ws2_32.dll]
- send [ws2_32.dll]
- WSARecv [ws2_32.dll]
- WSASend [ws2_32.dll]
- recv [ws2_32.dll]

The trojan terminates processes with any of the following strings in the name:

- .bat
- .reg
- reged

The trojan quits immediately if it detects a running process containing one of the following strings in its name:

- gmer
- le38

The trojan can redirect results of online search engines to web sites that contain adware.

The trojan can download and execute a file from the Internet.
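
A defender's check for the Drivers32 persistence entry described under Installation, as an added example that is not part of the original description: it parses the text output of `reg query` on that key and flags values whose data is a path rather than a bare driver file name. The sample output, the file name in it, and the heuristic itself (legitimate Drivers32 data is a bare file name such as wdmaud.drv) are assumptions made for this example.

```python
import re

# Constructed sample of `reg query` output for the Drivers32 key. The aux2 data is
# made up to follow the page's pattern %currentfolder%\..\%random1%.%random2%.
SAMPLE = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32
    aux    REG_SZ    wdmaud.drv
    midi    REG_SZ    wdmaud.drv
    wavemapper    REG_SZ    msacm32.drv
    msacm.imaadpcm    REG_SZ    imaadp32.acm
    aux2    REG_SZ    C:\Users\Public\Docs\..\kqzt.vmx
"""

# reg.exe prints each value as: 4 spaces, name, 4 spaces, type, 4 spaces, data
VALUE_LINE = re.compile(r"^\s{4}(?P<name>.+?)\s{4}(?P<type>REG_\w+)\s{4}(?P<data>.*)$")


def parse_reg_query(text):
    """Return (name, type, data) tuples for every value line in the output."""
    rows = []
    for line in text.splitlines():
        m = VALUE_LINE.match(line)
        if m:
            rows.append((m["name"], m["type"], m["data"].strip()))
    return rows


def suspicious_drivers32(rows):
    """Flag values whose data is a path (assumed heuristic, see lead-in)."""
    findings = []
    for name, _type, data in rows:
        reasons = []
        parts = data.replace("/", "\\").split("\\")
        if len(parts) > 1:
            reasons.append("path instead of bare file name")
        if ".." in parts:
            reasons.append("parent-directory traversal")
        if reasons:
            findings.append((name, data, reasons))
    return findings


if __name__ == "__main__":
    for name, data, reasons in suspicious_drivers32(parse_reg_query(SAMPLE)):
        print(f"{name} = {data}: {', '.join(reasons)}")
```

A value name such as aux2 is not suspicious on its own, which is why the check looks at the data rather than the name.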
