
Virus:Win32/Bamital.H


First posted on 12 November 2010.
Source: SecurityHome

Aliases :

Virus:Win32/Bamital.H is also known as W32/Bamital.E (Authentium (Command)), Win32/Patched.FS (AVG), TR/Spy.1033728.15 (Avira), Win32.Dat.13 (Dr.Web), Win32/Bamital.EQ (ESET), Virus.Win32.Bamital (Ikarus), Generic.dx!upv (McAfee), Troj/Patched-O (Sophos), Trojan.Win32.Generic!BT (Sunbelt Software).

Explanation :

Virus:Win32/Bamital.H is the detection for the files "explorer.exe" and "winlogon.exe" when they are infected. The infection is caused by TrojanDropper:Win32/Bamital.C.

The infected file is used to load a data file, "%ALLUSERPROFILE%\Documents\Server\hlp.dat", for example "c:\Documents and Settings\All Users\Documents\Server\hlp.dat", which contains the bulk of the Bamital payload. The data file is detected as Trojan:Win32/Bamital.

Note: The original copies of "explorer.exe" and "winlogon.exe" are saved to "%windir%\temp" by the virus as "explorer.dat" and "winlogon.dat" respectively.
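The file artifacts named above can be looked for on a mounted disk image during triage. The following is an added example, not part of the original write-up or of any vendor tool; the `Windows` directory name, the `ProgramData` fallback and all function names are assumptions.

```python
import hashlib
from pathlib import Path

# Artifact locations from the description, relative to the system drive.
# Assumptions: %windir% is "Windows"; the all-users profile is the XP path the
# page gives, or "ProgramData" (where that profile lives on Vista and later).
ALL_USERS_DIRS = ("Documents and Settings/All Users", "ProgramData")
PAYLOAD = "Documents/Server/hlp.dat"
BACKUPS = {"explorer.dat": "explorer.exe", "winlogon.dat": "winlogon.exe"}


def resolve_ci(root, relative):
    """Walk `relative` under `root`, matching each component case-insensitively
    (a mounted NTFS image on Linux is case-sensitive; Windows is not)."""
    current = Path(root)
    for part in Path(relative).parts:
        if not current.is_dir():
            return None
        match = [c for c in current.iterdir() if c.name.lower() == part.lower()]
        if not match:
            return None
        current = match[0]
    return current


def describe(path):
    """Size, SHA-256, and whether the file starts with the 'MZ' executable magic."""
    data = path.read_bytes()
    return {"path": str(path), "size": len(data),
            "sha256": hashlib.sha256(data).hexdigest(),
            "mz_header": data[:2] == b"MZ"}


def scan(root, windir="Windows"):
    """Return findings for a mounted system drive rooted at `root`."""
    findings = []
    for profile in ALL_USERS_DIRS:
        hit = resolve_ci(root, f"{profile}/{PAYLOAD}")
        if hit and hit.is_file():
            findings.append({"kind": "payload_data_file", **describe(hit)})
    for backup, original in BACKUPS.items():
        hit = resolve_ci(root, f"{windir}/temp/{backup}")
        if hit and hit.is_file():
            info = describe(hit)
            # A saved original executable should itself start with "MZ"; a
            # .dat file that does not is only a file-name match.
            kind = "saved_original" if info["mz_header"] else "name_match_only"
            findings.append({"kind": kind, "original": original, **info})
    return findings
```

The SHA-256 of a `saved_original` hit can be compared against a known-good copy of the matching system binary for that Windows build before it is used for restoration.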

Analysis by Tim Liu & Scott Molenkamp

Last update 12 November 2010

 
