Trojan-Dropper.Win32.Juntador.e
Trojan-Dropper.Win32.Juntador.e is a Trojan intended as a carrier of other Trojans to further infect an already compromised computer. Aside from dropping additional threats, it also creates a backdoor port on the infected system that allows unauthorized remote access by an attacker.
Alias: Trojan.Dropper, MultiDropper-BN, TROJ_JUNTADOR.A, Backdoor:Win32/Pestdoor.1_0, Trojan-Dropper.Win32.Juntador.E, Troj/Juntador-E
Damage Level: Medium
Systems Affected: Windows 9x, 2000, XP, Windows Vista
Characteristics
Once Trojan-Dropper.Win32.Juntador.e is executed, it drops malicious files and creates a start-up registry entry. It also alters system settings, which may disable security functions.
The Trojan also communicates with an Internet Relay Chat (IRC) server to receive commands and to allow a remote attacker to gain full access to the infected computer. It registers itself as a Browser Helper Object (BHO) for Internet Explorer so that it can perform its tasks whenever the browser is executed.
Distribution
Trojan-Dropper.Win32.Juntador.e typically spreads through online spam activities such as fraudulent email and Internet campaigns. Technically, the Trojan’s primary role is to drop and execute other threats that are not related to one another or do not serve similar purposes.
On a local network, Trojan-Dropper.Win32.Juntador.e may spread by exploiting the following vulnerabilities:
- MS04-012: DCOM RPC Overflow Vulnerabilities
- MS04-011: LSASS Overflow Vulnerabilities
It may also spread through unsecured network-shared resources, dropping multiple copies of the Trojan.
Added Registry Entries:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{28CAEFF3-0F18-4036-B504-51D73BD81ABC}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\EliteBar Internet Explorer Toolbar
HKEY_LOCAL_MACHINE\SOFTWARE\Elitum
HKEY_LOCAL_MACHINE\SOFTWARE\Elitum\EliteToolBar
Associated Files and Folders:
%Windir%\EliteToolBar\EliteToolBar version 60.dll
%System%\elitemar32.exe
%System%\msdirectx.sys
%System%\xpjava.exe
%Windir%\EliteToolBar
%Windir%\EliteToolBar\xml
%Windir%\EliteToolBar\xml\categories
%Windir%\EliteToolBar\xml\images
How to Remove Trojan-Dropper.Win32.Juntador.e
1. Temporarily disable System Restore (Windows Me/XP).
2. Open your antivirus program and update the virus definition file.
3. Restart Windows in Safe Mode.
4. Run a full system scan and clean/delete all infected file(s).
5. Delete/modify any values added to the registry, if there are any. Please refer to 'Added Registry Entries.'
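To see which of the entries listed under 'Added Registry Entries' and 'Associated Files and Folders' are actually present before cleaning in steps 4 and 5, the following PowerShell check can be run from an elevated prompt. It is an added example, not part of the original write-up or any vendor tool, and it only reports. It assumes PowerShell 3.0 or later, that %Windir% and %System% stand for the Windows directory and its system directory, and it additionally checks the 32-bit views (WOW6432Node, SysWOW64) that exist on 64-bit Windows.

```powershell
# Report-only check for the indicators listed on this page; nothing is deleted or modified.
$RegistryKeys = @(
    'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{28CAEFF3-0F18-4036-B504-51D73BD81ABC}',
    'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\EliteBar Internet Explorer Toolbar',
    'HKEY_LOCAL_MACHINE\SOFTWARE\Elitum',
    'HKEY_LOCAL_MACHINE\SOFTWARE\Elitum\EliteToolBar'
)
$FileSystemItems = @(
    '%Windir%\EliteToolBar\EliteToolBar version 60.dll',
    '%System%\elitemar32.exe',
    '%System%\msdirectx.sys',
    '%System%\xpjava.exe',
    '%Windir%\EliteToolBar',
    '%Windir%\EliteToolBar\xml',
    '%Windir%\EliteToolBar\xml\categories',
    '%Windir%\EliteToolBar\xml\images'
)

# Assumption: %System% maps to System32; SysWOW64 is also checked because a
# 32-bit dropper on 64-bit Windows is redirected there.
$systemDirs = @("$env:windir\System32", "$env:windir\SysWOW64")

$findings = @()
foreach ($key in $RegistryKeys) {
    # Check the native view and the 32-bit view (WOW6432Node) of HKLM\SOFTWARE.
    $views = $key, ($key -replace '^HKEY_LOCAL_MACHINE\\SOFTWARE', 'HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node')
    foreach ($view in $views) {
        if (Test-Path -LiteralPath "Registry::$view") {
            $findings += [pscustomobject]@{ Type = 'Registry'; Indicator = $view }
        }
    }
}
foreach ($item in $FileSystemItems) {
    $expanded = if ($item.StartsWith('%System%')) {
        $systemDirs | ForEach-Object { $item.Replace('%System%', $_) }
    } else {
        $item.Replace('%Windir%', $env:windir)
    }
    foreach ($path in $expanded) {
        if (Test-Path -LiteralPath $path) {
            $findings += [pscustomobject]@{ Type = 'FileSystem'; Indicator = $path }
        }
    }
}
if ($findings) { $findings | Format-Table -AutoSize -Wrap } else { 'No listed indicators found.' }
```

An empty result covers only the indicators on this page; other threats dropped by the Trojan are not detected by this check.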
Scan with Norton Power Eraser:
Norton Power Eraser, a free tool from Symantec, provides deep scanning technology to detect and remove threats like Trojan-Dropper.Win32.Juntador.e. NPE targets and eliminates threats that a regular virus scan fails to identify.
Important! Because of Norton Power Eraser’s aggressive method, it can select even legitimate files as suspicious. Please use this tool very carefully.