
Trojan.Downloader

Posted: June 6, 2006

Threat Metric

Threat Level: 9/10
Infected PCs: 8,223
First Seen: July 24, 2009
Last Seen: January 18, 2023
OS(es) Affected: Windows

Trojan.Downloader is a label used to identify Trojans whose primary purpose is downloading other files onto your computer – usually without your permission. However, Trojan.Downloader variants may also have other functions, such as launching the files they download, installing PC threats or even disabling your computer's security. Since a Trojan.Downloader infection is as dangerous as the files it downloads, and since these can include highly invasive PC threats like rootkits and spyware, SpywareRemove.com malware analysts discourage attempts to ignore Trojan.Downloader or to remove it without help from anti-malware products. Symptoms of a Trojan.Downloader attack may not be very visible, although, in most cases, Trojan.Downloader will make some kind of visible change to your firewall or network settings.

Deadly Downloads from a Downloader That's Happy to Avoid Asking for Permission

Trojan.Downloader shares a somewhat overlapping definition with Trojan.Dropper, since both are used to download and install other types of harmful files on an infected PC. Trojan.Downloader is distinguished from Trojan.Dropper in that Trojan.Downloader typically refers to an active component of a multi-component infection, while the Trojan.Dropper label is often reserved for separate Trojans that install an independent PC threat without coordinating their actions further. A Trojan.Dropper will often try to disguise itself as a desirable file or program and will install an enclosed PC threat, while Trojan.Downloader will commonly attempt to conceal its presence altogether while it downloads PC threats from remote servers. However, the two terms are sometimes used semi-interchangeably.

Typical behavior from Trojan.Downloader that SpywareRemove.com malware experts have noted includes:

  • Attempts to bypass the local firewall and other types of network security. Trojan.Downloader may do this by creating visible setting changes (such as by adding its program to your Windows Firewall's list of exceptions), although this is not always the case.
  • Contact with remote servers that host the files that Trojan.Downloader is instructed to download (and, typically, install). In some cases, Trojan.Downloader may also be configured to send out information – such as information that identifies your PC for further attacks.
  • The installation of other PC threats. This often includes rogue security programs, browser-redirecting Trojans and spyware. However, the SpywareRemove.com malware research team also notes that Trojan.Downloader can be told to download other components for an attack that aren't considered to be independent PC threats in and of themselves.
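
An added example, not from the original page: one way to audit for the firewall-exception change described in the first bullet, by parsing a listing shaped like `netsh advfirewall firewall show rule name=all verbose` output and flagging enabled allow rules whose program sits in a user-writable directory. The sample listing, rule names, paths and the directory pattern are constructed assumptions; the parser expects English-locale field names.

```python
import re

# Constructed sample, shaped like English-locale output of
#   netsh advfirewall firewall show rule name=all verbose
# Rule names and program paths are invented for illustration.
SAMPLE = r"""
Rule Name:                            Core Networking - DNS (UDP-Out)
----------------------------------------------------------------------
Enabled:                              Yes
Direction:                            Out
Program:                              C:\Windows\system32\svchost.exe
Action:                               Allow

Rule Name:                            Updater
----------------------------------------------------------------------
Enabled:                              Yes
Direction:                            In
Program:                              C:\Users\alice\AppData\Local\Temp\updater.exe
Action:                               Allow

Rule Name:                            Old helper
----------------------------------------------------------------------
Enabled:                              No
Direction:                            Out
Program:                              C:\Documents and Settings\user\Application Data\helper.exe
Action:                               Allow
"""

# Directories a standard user can write to (assumed pattern, extend as needed).
USER_WRITABLE = re.compile(r"\\(appdata|application data|temp|downloads)\\", re.I)

def parse_rules(text):
    rules = []
    for block in re.split(r"\n\s*\n", text.strip()):   # one block per rule
        fields = {}
        for line in block.splitlines():
            key, sep, value = line.partition(":")      # value may contain ':' (C:\...)
            if sep:
                fields[key.strip()] = value.strip()
        if "Rule Name" in fields:
            rules.append(fields)
    return rules

def suspicious_exceptions(text):
    """Return enabled allow rules whose program sits in a user-writable path."""
    return [(r["Rule Name"], r.get("Direction"), r["Program"])
            for r in parse_rules(text)
            if r.get("Enabled") == "Yes" and r.get("Action") == "Allow"
            and USER_WRITABLE.search(r.get("Program", ""))]
```

A hit is a lead to review rather than proof of infection, since some legitimate per-user applications also register exceptions from these directories.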

How to Find Trojan.Downloader Before Its Payload Makes You Pay

Variants of Trojan.Downloader may appear as separate files or may be injected into normal Windows files. You may be able to notice Trojan.Downloader by its unusual usage of RAM and other system resources, which can be observed from Task Manager – regardless of whether Trojan.Downloader is using an independent memory process or riding on the back of a native process. However, you shouldn't attempt to remove Trojan.Downloader without an appropriate anti-malware program, since many variants of Trojan.Downloader possess self-defensive functions and since Trojan.Downloader will often come with other PC threats.

Examples of widely distributed types of Trojan.Downloader-based PC threats include Trojan-Downloader.Win32.Banload.bqmv, Trojan-Downloader.Win32.VB.aoff, Win-Trojan/Downloader.141317, Trojan-Downloader.Win32.Bancos and Trojan-Downloader.Apher. SpywareRemove.com malware analysts also noted pointedly that many of these Trojan.Downloader examples pull double duty as banking Trojans – an example of the multiple levels of functionality that are common to many types of Trojans.

Aliases

  • Win32.Banker [eSafe]
  • Trojan.Downloader-34408 [ClamAV]
  • Mal/EncPk-DG [Sophos]
  • W32/PolySmall.BP!tr [Fortinet]
  • Hacktool [Symantec]
  • Trojan.Win32.Agent.lv [Sunbelt]
  • AppLite [Sophos]
  • Medium Risk Virus [Prevx1]
  • Adware/Popper [Panda]
  • probably a variant of Win32/Adware.Agent [NOD32]
  • Adware:Win32/InternetSpeedMonitor [Microsoft]
  • Generic Downloader.s [McAfee]
  • not-a-virus:AdWare.Win32.Agent.lv [K7AntiVirus]
  • Trojan-Downloader.Win32.VB.nw [Ikarus]
  • Adware/Agent [Fortinet]

Technical Details

File System Modifications

Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.

The following files were created in the system:




Registry Modifications

The following Registry values were newly created:

CLSID{c2680e10-1655-4a0e-87f8-4259325a84b7}{e9306072-417e-43e3-81d5-369490beef7c}Run keysms

10 Comments

  • theresa says:

    i have been trying to get this trojan.downloader. off of my computer for two days now..im getting really frustrated with it because it says when i try to open task manager that it is disabled by the administrator..grrr..someone please help me..before i throw my puter away..thanks theresa...aka wtf do i do...?

  • Anan says:

    Username: theresa Date Posted: 2008-10-13 21:46:28

    Comment:
    i have been trying to get this trojan.downloader. Zlob.Gen. I delete this file in registry but still exist. How can i delete it manually. Computer experts Please guide me. Thanks.

  • chris says:

    i have been trying to remove this one: .. trojan-downloader.wma.getcodec.c ....but i can't.. i scanned my pc with kaspersky.. but it doesn't work... i need some help..!!! plz

  • Dan says:

    I have "Trojan horse Downloader.Generic".
    Does anyone know how to get rid of this??????

  • Susan C says:

    I hope this works...this virus has been bugging me for a while.

  • Meaghan says:

    I have a trojan horse downloader.agent2 and i have no idea how to get rid of it. when i click on heal it says that it was interrupted by user so can u help me get rid of it please?
    thanks

  • sewradj says:

    i am stuck with an trojan

  • Robert says:

    yeah i have the trojan downloader but it doesn't show up in processes uhhh i hate trojan downloader

  • NANCY says:

    I found this virus on my computer

    trojandownloader:win32/banloader.zac

    Does anyone know how to remove this? I'm really not that good at computer lingo and just need plain, simple instructions.

    Thanks a million

  • Mumin says:

    Thank you i resolve
