Win32/Unruy [Threat Name]

Win32/Unruy.AD [Threat Variant Name]

Category: trojan
Size: 125440 B
Aliases: Trojan.Click1.30317 (Dr.Web)

Short description

Win32/Unruy.AD is a trojan that tries to download other malware from the Internet. It uses techniques common to rootkits.


Win32/Unruy.AD replaces the original MBR (Master Boot Record) of the hard disk drive with its own program code.

The trojan writes its own data to the end of the physical drive.
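A defender can triage both behaviours described above from a raw disk image. The following is an added example, not ESET's detection logic; it assumes a classic MBR-partitioned disk with 512-byte sectors, and the function names and the sample image are constructed for illustration.

```python
import hashlib
import struct

SECTOR = 512  # assumption: 512-byte logical sectors

def parse_partitions(mbr):
    """Return (start_lba, sector_count) for each used entry of a classic MBR."""
    if len(mbr) < SECTOR or mbr[510:512] != b"\x55\xaa":
        raise ValueError("sector 0 has no 0x55AA boot signature")
    parts = []
    for i in range(4):
        entry = mbr[446 + 16 * i:462 + 16 * i]
        start, count = struct.unpack_from("<II", entry, 8)
        if entry[4] != 0 and count:  # byte 4 is the partition type, 0 = unused
            parts.append((start, count))
    return parts

def audit_image(image, baseline_sha256=None):
    """Hash the MBR boot code and list non-zero sectors past the last partition."""
    mbr = image[:SECTOR]
    parts = parse_partitions(mbr)
    boot_hash = hashlib.sha256(mbr[:440]).hexdigest()  # bootstrap code area only
    total = len(image) // SECTOR
    last_used = max((s + c for s, c in parts), default=1)
    tail = [lba for lba in range(last_used, total)
            if any(image[lba * SECTOR:(lba + 1) * SECTOR])]
    return {
        "boot_code_sha256": boot_hash,
        "boot_code_changed": baseline_sha256 is not None and boot_hash != baseline_sha256,
        "nonzero_tail_sectors": tail,
    }

def make_sample(boot_code=b"\x90" * 440, tail_data=b""):
    """Constructed 64-sector image: one partition at LBA 8..55, LBA 56..63 unallocated."""
    image = bytearray(64 * SECTOR)
    image[:440] = boot_code
    image[446:462] = struct.pack("<B3sB3sII", 0x80, b"\0\0\0", 0x07, b"\0\0\0", 8, 48)
    image[510:512] = b"\x55\xaa"
    if tail_data:
        image[62 * SECTOR:62 * SECTOR + len(tail_data)] = tail_data
    return bytes(image)

if __name__ == "__main__":
    clean = make_sample()
    baseline = audit_image(clean)["boot_code_sha256"]
    changed = make_sample(boot_code=b"\xcc" * 440, tail_data=b"constructed data")
    print(audit_image(clean, baseline))
    print(audit_image(changed, baseline))
```

Non-zero sectors after the last partition are a lead to investigate rather than a verdict, since some legitimate software also stores data there. Acquire the image offline or from a trusted boot environment, because a rootkit can falsify sector reads on the running system.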

The trojan does not create any copies of itself.

The trojan creates and runs a new thread with its own program code within the following processes:

  • services.exe
  • svchost.exe

Other information

The trojan acquires data and commands from a remote computer or the Internet.

The trojan contains a list of 2 URLs. It communicates over the HTTP protocol.

The trojan can download and execute a file from the Internet.

The trojan may execute the following commands:

  • iexplore.exe %malwareurl%

