New trojan downloader capable of deleting its downloaded component files – Microsoft

Speed Up My PC

Of all the discovered Trojans and malware suppliers, this find is special in its own way. Discovered as TrojanDownloader:Win32/Nemim.gen!A, this Trojan downloader has the capability of deleting its downloaded components in a way that prevents them from being discovered later on.

MMPC

This malware in the form of a Trojan downloader essentially deletes the downloaded component files in a bid to distance them from being searched on the system and hence preventing them from being analyzed, posing a great risk to the security of the system.

As Microsoft dug deeper in finding out a few bare details, it was ascertained that finding the downloaded component files might be a hard task even with the help of file recovery tools. At this moment, though users may be able to locate a few suspicious file names but may not be able to retrieve its contents, possibly malware.

Below are the component files that we found that this malware downloads and executes, the ones that will eventually be deleted by the malware itself:

  • Virus:Win32/Nemim.gen!A – This is a file infector that attempts to infect executable files in removable drives. Infected files are detected, and subsequently cured, as Virus:Win32/Nemim.A. It appends its code to the Host file but it will not infect other files, rather it will only drop and execute the malware TrojanDownloader:Win32/Nemim.gen!A.
  • PWS:Win32/Nemim.A – This malware is a password stealer that attempts to steal account credentials from the following:
    • Email accounts (SMTP, POP3, HTTP mail, IMAP) that was setup in the system
    • Windows Messenger/Live Messenger
    • Gmail Notifier
    • Google Desktop
    • Google Talk

According to Microsoft Malware Protection Center, this downloader is different from others as it is the medium and the main component too (others are just a medium to deliver the main component, i.e. malware).

In case of an infection, it is very much recommended that you change all your passwords (it was observed that this downloader was downloading a password stealer) and increase security for your sensitive information.

Try using Microsoft Security Essentials, an antivirus solution recommended by Microsoft Malware Protection Center and the one which effectively removes the above-mentioned threats in case of an infection.

Posted by with Tags
Microsoft Student Partner | Computer Science graduate | Loves flirting with technology | Microsoft watcher | Syed Asrarullah lives on the web at @asrartheone.