TROJ_DLOADER.RKY

TROJ_DLOADER.RKY is a Trojan that downloads and executes additional threats on the compromised computer. It can automatically connect to a predefined server to download configuration files.

Alias: Packed.Win32.Monder.gen, Vundo, Trojan.Metajuan, TR/Dldr.ConHook.Gen, Troj/ConHook-AJ

Damage Level: Medium

Systems Affected: Windows 9x, 2000, XP, Windows Vista

Technical Details and Additional Information:

What can TROJ_DLOADER.RKY do to infected system?
- The Trojan will display excessive advertisements when browsing the Internet.
- It will download additional threats from a remote location.

Malicious Files Added by TROJ_DLOADER.RKY
%UserProfile%\Start Menu\Programs\TROJ_DLOADER.RKY\TROJ_DLOADER.RKY.exe

Associated Windows Registry Entries:
HKEY_CLASSES_ROOT\CLSID\{68D5CF1D-EC5C-4bdd-A9EF-F0E517565D50}\InprocServer32\"Default" = "%Temp%\[NAME OF TROJAN EXECUTABLE].dll"

TROJ_DLOADER.RKY – Removal

Removing TROJ_DLOADER.RKY Manually:
1. If using Windows ME or XP, System Restore must be disabled to prevent the threat from restoring itself. [Windows XP System Restore]
2. Update the virus definitions.
3. Reboot Windows in Safe Mode. [how to]
4. Run a full system scan and clean/delete all infected file(s).
5. Delete/Modify any values added to the registry. [how to edit registry]
6. Exit registry editor and restart Windows.
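
A read-only PowerShell check for the file and registry indicators listed on this page, useful before and after step 5 (added example, not part of the original write-up). It goes beyond the single listed CLSID by also flagging any COM InprocServer32 entry whose DLL sits under the current user's Temp folder; the function name is hypothetical and PowerShell 2.0 or later is assumed.

```powershell
# Added example (read-only): reports indicators, changes nothing.
# Find-DloaderRkyIndicators is a hypothetical name; the file path and CLSID
# are the ones listed on this page.
function Find-DloaderRkyIndicators {
    $listedClsid = '{68D5CF1D-EC5C-4bdd-A9EF-F0E517565D50}'
    $tempRoot    = $env:TEMP.TrimEnd('\') + '\'
    $findings    = @()

    # File indicator: the executable dropped under the Start Menu.
    $exe = Join-Path $env:USERPROFILE 'Start Menu\Programs\TROJ_DLOADER.RKY\TROJ_DLOADER.RKY.exe'
    if (Test-Path -LiteralPath $exe) {
        $findings += New-Object PSObject -Property @{ Type = 'File'; Location = $exe; Target = '' }
    }

    # Registry indicator: walk every COM class and read the default value of
    # its InprocServer32 subkey (the DLL that is loaded in-process).
    $classes = Get-ChildItem -Path 'Registry::HKEY_CLASSES_ROOT\CLSID' -ErrorAction SilentlyContinue
    foreach ($class in $classes) {
        $dll = ''
        try {
            $sub = $class.OpenSubKey('InprocServer32')
            if ($null -eq $sub) { continue }
            $dll = [string]$sub.GetValue('')   # '' selects the (Default) value
            $sub.Close()
        } catch {
            continue   # key not readable with the current rights
        }

        # Normalise: strip quotes and expand a literal %Temp% left in a REG_SZ value.
        $dll      = [Environment]::ExpandEnvironmentVariables($dll.Trim('"'))
        $isListed = $class.PSChildName -ieq $listedClsid
        $inTemp   = $dll.StartsWith($tempRoot, [StringComparison]::OrdinalIgnoreCase)

        if ($isListed -or $inTemp) {
            $type = 'Registry (DLL in Temp)'
            if ($isListed) { $type = 'Registry (listed CLSID)' }
            $findings += New-Object PSObject -Property @{
                Type = $type; Location = $class.Name + '\InprocServer32'; Target = $dll
            }
        }
    }
    return $findings
}

Find-DloaderRkyIndicators | Select-Object Type, Location, Target | Format-List
```

Run it as the affected user, since %UserProfile% and %Temp% are per-user; a Temp path stored in 8.3 short form on one side and long form on the other will not match the prefix test.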

Anti-virus Tools

Scan with Norton Power Eraser:
Norton Power Eraser is a virus removal tool created by Norton Antivirus to remove unfamiliar threats without using the traditional AV signatures. Download the tool from this location and start scanning the computer for viruses.

Scan with Portable Antivirus:
Most of the time, a Trojan associated with a rogue program will disable Windows functionality and prevent the compromised computer from executing any application, including a locally installed antivirus program. If this happens, you can try using a McAfee portable antivirus tool called Stinger. You can download it for free.
