Trojan.Lodelit

Trojan.Lodelit is a computer Trojan that, when executed, attempts to connect to a remote server and download additional threats. Trojan.Lodelit also lowers security settings by disabling any installed security and antivirus programs.

Damage Level: Low

Systems Affected: Windows 9x, 2000, XP, Windows Vista

Characteristics

  • Trojan.Lodelit periodically downloads updates to itself.
  • The Trojan creates registry entries to bypass Windows Firewall.

Distribution
The Trojan spreads by posing as a document file attached to spam email messages. Opening the attached file launches the Trojan, which then begins to infect files on the system.

Added Registry Entries:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\"%UserProfile%\Application Data\[RANDOM CHARACTERS].exe" = "%UserProfile%\Application Data\[RANDOM CHARACTERS].exe:*:Enabled:Win32load"
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\"%UserProfile%\Application Data\[RANDOM CHARACTERS].exe" = "%UserProfile%\Application Data\[RANDOM CHARACTERS].exe:*:Enabled:Win32load"

Associated Files and Folders:
%UserProfile%\Application Data\[RANDOM CHARACTERS].exe
%Temp%\[RANDOM CHARACTERS].dll
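
To check a host for the firewall exception listed above, the following added example (not part of the original write-up) parses the text output of reg query for the AuthorizedApplications\List key and flags enabled, any-source exceptions for executables in a per-user data folder. The sample output, user name and file names are constructed, and the reg query column layout is an assumption.

```python
import re

# Constructed sample of `reg query` output for the AuthorizedApplications\List
# key; the user name and file names are made up for illustration.
SAMPLE = r"""
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List
    %windir%\system32\sessmgr.exe    REG_SZ    %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
    C:\Program Files\Example\app.exe    REG_SZ    C:\Program Files\Example\app.exe:LocalSubNet:Disabled:Example App
    C:\Documents and Settings\alice\Application Data\qwxzr.exe    REG_SZ    C:\Documents and Settings\alice\Application Data\qwxzr.exe:*:Enabled:Win32load
"""

# One value row: <name> REG_SZ <data> (layout of reg query output is assumed).
ROW = re.compile(r"^\s*(?P<name>.+?)\s+REG_(?:EXPAND_)?SZ\s+(?P<data>.+)$")
# Per-user data directories, written with the variable or fully expanded.
PROFILE_DIR = re.compile(
    r"(%userprofile%|\\documents and settings\\[^\\]+|\\users\\[^\\]+)"
    r"\\(application data|appdata)\\", re.IGNORECASE)


def parse_entry(data):
    """Split 'path:scope:status:name' from the right, since the path holds ':' too."""
    parts = data.strip().rsplit(":", 3)
    if len(parts) != 4:
        return None
    return dict(zip(("path", "scope", "status", "name"), parts))


def suspicious(entry):
    """Enabled, open to any source, and an .exe inside a user profile data folder."""
    return (entry["status"].lower() == "enabled"
            and entry["scope"] == "*"
            and entry["path"].lower().endswith(".exe")
            and PROFILE_DIR.search(entry["path"]) is not None)


def audit(reg_query_output):
    """Return the parsed firewall exceptions that match the pattern above."""
    findings = []
    for line in reg_query_output.splitlines():
        row = ROW.match(line)
        entry = parse_entry(row.group("data")) if row else None
        if entry and suspicious(entry):
            findings.append(entry)
    return findings


if __name__ == "__main__":
    for hit in audit(SAMPLE):
        print("review firewall exception:", hit["path"], "(%s)" % hit["name"])
```

A hit is a lead for review rather than proof of infection, since legitimate per-user applications can register exceptions the same way.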

How to Remove Trojan.Lodelit

1. Temporarily Disable System Restore (Windows Me/XP).
2. To be able to identify even the most recent variant of Trojan.Lodelit, open your antivirus application and update the virus definition file.

3. Start Windows in Safe Mode with Networking.
- From a power-off state, turn on the computer and press F8 on your keyboard repeatedly.
- Your computer will display the Windows Advanced Boot Options menu. Select Safe Mode with Networking.
- The system will now boot Windows and load only the necessary drivers and files.

4. Open your antivirus program and run a full system scan. After the scan, delete all infected items. If you are unable to delete them, place them in quarantine. Once the scan is complete, proceed with the next step.

Scan with Norton Power Eraser:

Norton Power Eraser (NPE), a free tool from Symantec, provides deep scanning technology to detect and remove threats like Trojan.Lodelit. NPE targets and eliminates threats that a regular virus scan fails to identify. Download NPE here.

Important! Because of Norton Power Eraser’s aggressive method, it can select even legitimate files as suspicious. Please use this tool very carefully.

What to do next...