Downloader.Lunii
Category: Trojan Downloader
Risk: Severe Risk
* Severe threats are typically remotely exploitable vulnerabilities that can lead to system compromise. Successful exploitation does not normally require any interaction, and exploits are in the wild. There is a high possibility of system damage or a security flaw. An attacker has complete control over your computer or can install new software on your machine.
Description: Downloader.Lunii attempts to download remote files, terminate adware products, and delete files. Downloader.Lunii overwrites the Hosts file with the following text, which blocks access to certain Web sites: 127.0.0.3 allforadult.com 127.0.0.3 www.allforadult.com 127.0.0.3 www.iframe.biz 127.0.0.3 iframe.biz 127.0.0.3 www.newiframe.biz 127.0.0.3 newiframe.biz 127.0.0.3 www.vesbiz.biz 127.0.0.3 vesbiz.biz 127.0.0.3 www.pizdato.biz 127.0.0.3 pizdato.biz 127.0.0.3 www.aaasexypics.com 127.0.0.3 aaasexypics.com 127.0.0.3 www.virgin-tgp.net 127.0.0.3 virgin-tgp.net
Alias: None
Signatures:
process: mstasks2.exe: MD5 Hash:
process: mstasks3.exe: MD5 Hash: 608f6e349ce35c1a9a3
process: mstasks2.exe: MD5 Hash: 2e02a0492b7b906c212
process: sexxx.exe: MD5 Hash:
process: mstasks1.exe: MD5 Hash:
process: mstasks3.exe: MD5 Hash:
process: dktime.exe: MD5 Hash:
process: mstasks1.exe: MD5 Hash: 23225c38218738f84c5
process: paydial.exe: MD5 Hash: 17b018b3251ff2a4eda..
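
An added example, not part of the original entry: a Python check for the Hosts file change reported in the Description, flagging every non-local name pinned to a loopback address such as 127.0.0.3. The function name, the allow-list and the sample lines are assumptions constructed for illustration.

```python
import ipaddress

LOOPBACK = ipaddress.ip_network("127.0.0.0/8")
# Names expected to resolve to loopback (assumption: extend for your environment).
ALLOWED_NAMES = {"localhost", "localhost.localdomain"}

# Constructed sample input; the names are placeholders, not observed indicators.
SAMPLE_HOSTS = """\
# constructed sample hosts file
127.0.0.1       localhost
::1             localhost
127.0.0.3       blocked.example www.blocked.example   # two names on one line
10.0.0.5        intranet.example
127.0.0.3 Vendor-Update.example
not-an-ip       junk.example
"""

def find_loopback_blocks(hosts_text):
    """Return (line_no, ip, name) for each non-local name mapped into 127.0.0.0/8."""
    findings = []
    for line_no, raw in enumerate(hosts_text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()      # drop comments and padding
        fields = line.split()
        if len(fields) < 2:                      # blank line or address without a name
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:                       # malformed address: not a valid entry
            continue
        if ip not in LOOPBACK:                   # IPv6 and routable IPv4 are skipped
            continue
        for name in fields[1:]:
            if name.lower() not in ALLOWED_NAMES:
                findings.append((line_no, str(ip), name.lower()))
    return findings

if __name__ == "__main__":
    # On Windows the file normally lives at %SystemRoot%\System32\drivers\etc\hosts;
    # read that file's text and pass it in instead of SAMPLE_HOSTS.
    for line_no, ip, name in find_loopback_blocks(SAMPLE_HOSTS):
        print(f"line {line_no}: {name} is pinned to {ip}")
```

A finding is a lead, not a verdict: ad-blocking and parental-control tools also pin names to loopback, so compare the result against a known-good copy of the file.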
Copyright @2006 THR Computer Solutions: Downloader.Lunii