Virus Database

Trojan.Win32.Dlder.a

Description Trojan.Win32.Dlder.a

This text was written by Alexey Podrezov, F-Secure Corp.
This two-component spyware-Trojan was discovered at the end of December 2001. Once the Trojan is installed on a user's system, it constantly upgrades its main component that connects to the 2001-007.com Web site and reports a user's ID, the Web browser being used and all URLs and all its child windows open. The Trojan violates a user's privacy and opens a security hole in the system by downloading and activating executable files.
This spyware-Trojan is installed with LimeWire, Kazaa and some other software packages along with other spyware. The Trojan is installed even if a user selects not to install any additional components from these packages.
The main Trojan component is an Explorer.exe file that is located in a Windows folder in Explorer subfolder (do not mistake it with the original Windows Explorer.exe). This component is constantly upgraded by the second Trojan component that has the name 'DlDer.exe' and is located in a Windows folder.
The DlDer.exe file, when it is started, downloads an Explorer.exe file from a Web site, and puts it in a WindowsExplorer folder. Then the Trojan creates a start-up key for the Explorer.exe file. Upon the next system restart, the Explorer.exe file is activated, and it creates a start-up key for the DlDer.exe file, and starts to connect to the aforementioned 2001-007.com Web site, reporting a user's ID, Web browser and all URLs visited by a user.
We recommend deleting both Trojan components from an infected system. If these components can't be deleted (locked files), they should be deleted from a pure DOS (in the case of a Windows 9x system), or renamed with different extensions (EXA for example) with immediate system restart (in case of Windows NT/2000/XP system).

Check other viruses! Be aware! Use Antiviral Software

HH&HH.4331

Description HH&HH.4331

This is a harmless memory resident encrypted parasitic virus. It hooks INT 1Ch and 21h, and writes itself to the end of COM files that are executed. While infecting, the virus renames the file to the *.A* name, infects it, and then renames the file back to the original name. On Monday, it outputs the digit 0 to port A0h, B0h, and 41h. It scans the screen for the word "Esik", and if this string is found, the virus, after some time, sets the monitor to graphics-video mode and launches a running ball. This virus contains the text:
#(-28=CIPV]HARD HIT & HEAVY HATE the HUMANS !! [ H.H.& H.H. the H. ]

Valentin Populizeroff & Alexander LovInGodsky - it's a fuck !
MultiScan & Tchechen it's a big ass hole !!!!!!!!!!!!!!!!!!!!
*************************************************************
(c) Gurre, Wadimka, Good Doggy & Grosser-Hide Group Moscow
*******************************************************

HH.1024.a

Description HH.1024.a

This is a very dangerous memory resident parasitic virus. It hooks INT 21h and writes itself to the end of COM and EXE files that are executed or opened. On March, 25th it erases the hard disk sectors. It contains the text string "HH" that is used as ID-word to identify already infected files.

Home