Win32/Rustock [Threat Name] go to Threat

Win32/Rustock.NJB [Threat Variant Name]

Category trojan
Size 211044 B
Aliases Backdoor.Win32.NewRest.an (Kaspersky)
  W32/Rustock.gen.a.virus (McAfee)
  TrojanDropper:Win32/Rustock.J (Microsoft)
  Win32:Neredr (Avast)
Short description

Win32/Rustock.NJB is a trojan that installs Win32/Rustock.NJN malware. The file is run-time compressed using RAR SFX .

Installation

The trojan does not create any copies of itself.


The trojan creates the following files:

  • %temp%\­install.exe (337408 B, Win32/Rustock.NJB)

The file is then executed.


The trojan may create the following files:

  • %system%\­drivers\­beep.sys (116044 B, Win32/Rustock.NJN)
  • %system%\­drivers\­null.sys (116044 B, Win32/Rustock.NJN)
  • %system%\­drivers\­glaide32.sys (116044 B, Win32/Rustock.NJN)

The trojan may install the following system drivers (path, name):

  • %system%\­drivers\­beep.sys, Beep
  • %system%\­drivers\­null.sys, Null
  • %system%\­drivers\­glaide32.sys, Glaide32.sys
Other information

After the installation is complete, the trojan deletes the original executable file.

Please enable Javascript to ensure correct displaying of this content and refresh this page.