Threat Encyclopedia

Home > Threat Center > Threat Encyclopedia

Selected viruses, spyware, and other threats: sorted alphabetically

O
P
Q
R
S
T
U
V
W
X
Y
Z
Glossary

Win32/Goriadu.AA

Aliases:	Trojan.Win32.Goriadu.hi (Kaspersky), Goriadu trojan (McAfee), Trojan Horse (Symantec)
Type of infiltration:	Trojan
Size:	315491 B
Affected platforms:	Microsoft Windows
Signature database version:	4857 (20100211)

Short description

Win32/Goriadu.AA is a trojan which tries to download other malware from the Internet. Trojan is probably a part of other malware.

Installation

The trojan does not create any copies of itself.

Other information

The trojan acquires data and commands from a remote computer or the Internet.

The trojan contains a list of 6 URLs. The HTTP protocol is used.

It can execute the following operations:

download files from a remote computer and/or the Internet
run executable files

The trojan may set the following Registry entries:

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServices
WinSock2speednet_sph]
"%variable1%" = "%systemroot%system32mswsock.dll"
"%variable2%" = "%systemroot%system32rsvpsp.dll"
"PathName" = "%variable3%"

A string with variable content is used instead of %variable1-3%.

The trojan may create the following files:

%appdata%MyIEDatabrudo.dat
%appdata%MyIEDatamain.ini

All Products:

Cart About ESET Partners United States and Canada

© 2012 ESET North America. All rights reserved. Trademarks used herein are trademarks or registered trademarks of ESET spol. s r.o. or ESET North America.
All other names and brands are registered trademarks of their respective companies.