
Trojan.Gootkit!sdb


First posted on 08 April 2015.
Source: Symantec

Aliases :

There are no other names known for Trojan.Gootkit!sdb.

Explanation :

Trojan.Gootkit!sdb is a detection for the following shim database file dropped by Trojan.Gootkit: %Windir%\AppPatch\Custom\{[RANDOM GUID]}.sdb
Trojan.Gootkit!sdb is loaded by the operating system on the compromised computer when a specific executable file is executed.

The following executable files are known to be registered by Trojan.Gootkit: thunderbird.exe, thebat.exe, services.exe, seamonkey.exe, safari.exe, outlook.exe, opera.exe, navigator.exe, myie.exe, msmsgs.exe, msimn.exe, mozilla.exe, maxthon.exe, lsass.exe, iron.exe, iexplore.exe, firefox.exe, firef.exe, explorer.exe, epic.exe, dragon.exe, chrome.exe, avant.exe
Trojan.Gootkit!sdb contains a patch program that downloads remote program code from the following remote location: [http://]RepVisit.com/rbo[REMOVED]
Trojan.Gootkit!sdb will then execute the program code in the compromised computer's memory.
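
A read-only triage check for the artifacts described above, added here as an example and not part of the Symantec write-up. It lists GUID-named .sdb files under %Windir%\AppPatch\Custom and any shim registrations for the executables named above. The AppCompatFlags registry locations are where Windows records installed shim databases and are not taken from this page; the variable names are illustrative.

```powershell
# Added example: read-only triage for custom shim databases.
# Executable names are copied from the list in the write-up.
$targets = 'thunderbird.exe','thebat.exe','services.exe','seamonkey.exe','safari.exe',
           'outlook.exe','opera.exe','navigator.exe','myie.exe','msmsgs.exe','msimn.exe',
           'mozilla.exe','maxthon.exe','lsass.exe','iron.exe','iexplore.exe','firefox.exe',
           'firef.exe','explorer.exe','epic.exe','dragon.exe','chrome.exe','avant.exe'

# Registry root where Windows tracks installed shim databases (not from the page).
$base      = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags'
$customDir = Join-Path $env:windir 'AppPatch\Custom'
$guidName  = '^\{[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}\}\.sdb$'

# 1. GUID-named .sdb files on disk, including subfolders, with hash and creation time.
$onDisk = Get-ChildItem -Path $customDir -Filter '*.sdb' -Recurse -File -ErrorAction SilentlyContinue |
    Where-Object { $_.Name -match $guidName } |
    ForEach-Object {
        [pscustomobject]@{
            Path    = $_.FullName
            Created = $_.CreationTimeUtc
            SHA256  = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
        }
    }

# 2. Shim registrations for the listed executables, resolved to their database file.
$registered = foreach ($key in (Get-ChildItem -Path "$base\Custom" -ErrorAction SilentlyContinue)) {
    if ($targets -notcontains $key.PSChildName) { continue }
    foreach ($valueName in $key.GetValueNames()) {
        # Value names look like "{GUID}.sdb"; InstalledSDB is keyed by "{GUID}".
        $guid = $valueName -replace '\.sdb$', ''
        $db   = Get-ItemProperty -LiteralPath "$base\InstalledSDB\$guid" -ErrorAction SilentlyContinue
        [pscustomobject]@{
            Executable   = $key.PSChildName
            Database     = $valueName
            DatabasePath = $db.DatabasePath
            Description  = $db.DatabaseDescription
        }
    }
}

$onDisk     | Format-Table -AutoSize -Wrap
$registered | Format-Table -AutoSize -Wrap
```

Legitimate compatibility fixes also install custom shim databases, so a hit is a lead for review; a database registered for lsass.exe, services.exe or explorer.exe deserves attention first.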

Last update 08 April 2015

 
