The Trojan harvests data from the victim machine. It performs the following actions:
- makes screenshots;
- logs keystrokes;
- tracks mouse movement.
The Trojan checks for a connection to the Internet. It will use a connection to send harvested data to the remote malicious user's FTP server.
If your computer does not have an up-to-date antivirus, or does not have an antivirus solution at all, follow the instructions below to delete the malicious program:
- Use Task Manager to terminate the "runddl.exe" process.
- Delete the following files:
  runddl.exe
  runddl.dat
  delfile.bat
  runddlkey.dll
- Delete the following parameters from the system registry (see What is a system registry and how do I use it for details on how to edit the registry):
  [HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
  "runddlfile" = "%CurrentDir%\runddl.exe"
- Update your antivirus databases and perform a full scan of the computer (download a trial version of Kaspersky Anti-Virus).
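The manual steps above as a PowerShell script, added here as an example and not part of the original description. It assumes the Trojan's working directory (given on this page only as %CurrentDir%) can be recovered from the Run value's data or from the running process's path; it only reports by default and removes the items when run with -Remove.

```powershell
# Added example: checks the current user's session for the indicators listed on this page.
# Report-only by default; pass -Remove to carry out the cleanup steps.
param([switch]$Remove)

$runKey    = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
$valueName = 'runddlfile'
$fileNames = 'runddl.exe', 'runddl.dat', 'delfile.bat', 'runddlkey.dll'
$findings  = @()

# 1. Running process. Get-Process takes the name without ".exe".
#    Note the spelling: this is "runddl", not the legitimate Windows rundll32.exe.
$procs = @(Get-Process -Name 'runddl' -ErrorAction SilentlyContinue)
foreach ($p in $procs) { $findings += "process: runddl.exe (PID $($p.Id))" }

# 2. Autorun value. Its data points into the Trojan's working directory.
$dirs  = @()
$entry = Get-ItemProperty -Path $runKey -Name $valueName -ErrorAction SilentlyContinue
if ($entry) {
    $exePath   = ([string]$entry.$valueName).Trim('"')
    $findings += "registry: $valueName = $exePath"
    $dirs     += Split-Path -Path $exePath -Parent
}
# A running copy also reveals the directory (Path can be empty without access).
$dirs += $procs | Where-Object { $_.Path } | ForEach-Object { Split-Path -Path $_.Path -Parent }

# 3. The four files, looked for in every directory identified above.
$files = @()
foreach ($dir in ($dirs | Where-Object { $_ } | Select-Object -Unique)) {
    foreach ($name in $fileNames) {
        $candidate = Join-Path $dir $name
        if (Test-Path -LiteralPath $candidate -PathType Leaf) { $files += $candidate }
    }
}
foreach ($f in $files) { $findings += "file: $f" }

if (-not $findings) { 'No indicators found for this user.'; return }
$findings

if ($Remove) {
    # Same order as the manual steps: process, files, then the registry value.
    $procs | Stop-Process -Force
    foreach ($f in $files) { Remove-Item -LiteralPath $f -Force }
    if ($entry) { Remove-ItemProperty -Path $runKey -Name $valueName }
}
```

The Run value lives under HKCU, so the script has to be run in the session of each user account that may be affected.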
This Trojan is designed to steal confidential data. This worm is a Windows PE EXE file. It is 569,344 bytes in size. It is not packed in any way. It is written in Delphi.
Installation
When launched, the Trojan creates the following files in its working directory:
runddl.exe
runddl.dat
delfile.bat
runddlkey.dll
The Trojan then adds a link to its executable file in the system registry, ensuring that it will be launched when Windows is rebooted on the victim machine:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
"runddlfile" = "%CurrentDir%\runddl.exe"
This ensures that the Trojan will be launched each time Windows is booted on the victim machine.
Payload