
DHL_DOC
PROCESS INFORMATION
Process Name : DHL_DOC.exe
Process type : Trojan
Malware Name : Trojan.Win32.Buzus.arqx
Alias : Injector.CZ, Win32:Rootkit-gen, Win32/Spy.Zbot.JF, Generic.dx trojan
Threat level : Low
Process Details
Trojan.Win32.Buzus.arqx is spammed via e-mail and usually arrives with the attachment DHL_DOC.zip, which contains the file DHL_DOC.exe.
The infected mail subject will be
DHL Tracking number #<Random string>
Example: DHL Tracking number #N80XQ061350CSKG
The infected mail message body will be
Hello!
We were not able to deliver postal package you sent on the 14th of March in time because the recipients address is not correct.
Please print out the invoice copy attached and collect the package at our office.
Your personal manager: Tommy Deal,
Customer Service: 1-800-CALL-DHL
Fax: 888-221-6211
DHL International, Ltd. All Rights Reserved.
The infected mail attachment will be
DHL_DOC.zip
When the infected e-mail attachment is executed, it copies itself to %SYSTEM%\sdra64.exe. It then modifies the registry so that it loads automatically on the next startup. The registry key modification is given below.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
Userinit = "%System%\userinit.exe,%System%\sdra64.exe,"
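One way to check a host or an exported registry value for the Userinit change shown above. This is an added example, not Solo's own code; the function names, the sample values and the rule that a stock value lists only userinit.exe in the system directory are assumptions.

```python
import ntpath

# Persistence described on this page: the trojan appends its copy
# (%System%\sdra64.exe) to the Winlogon "Userinit" value.
WINLOGON_KEY = r"SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"
KNOWN_BAD = {"sdra64.exe"}  # file name taken from this page


def is_stock(entry):
    """Assumption: the only stock entry is userinit.exe in the system directory."""
    folder, name = ntpath.split(entry.lower())
    return name == "userinit.exe" and ntpath.basename(folder) in ("system32", "%system%")


def audit_userinit(value):
    """Return (entry, verdict) for every program listed besides the stock one."""
    findings = []
    for raw in value.split(","):
        entry = raw.strip().strip('"')
        if not entry or is_stock(entry):   # the value normally ends with a comma
            continue
        name = ntpath.basename(entry).lower()
        verdict = "known-bad" if name in KNOWN_BAD else "unexpected"
        findings.append((entry, verdict))
    return findings


def read_live_userinit():
    """Read the current value from the local registry (Windows only)."""
    import winreg
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, WINLOGON_KEY) as key:
        return winreg.QueryValueEx(key, "Userinit")[0]


# Constructed sample values, not captured from a real host.
SAMPLES = {
    "clean": r"C:\Windows\system32\userinit.exe,",
    "infected": r"C:\Windows\system32\userinit.exe,C:\Windows\system32\sdra64.exe,",
    "other": r"C:\Windows\system32\userinit.exe,C:\Temp\helper.exe",
}

if __name__ == "__main__":
    for label, value in SAMPLES.items():
        print(label, audit_userinit(value))
```

On a Windows host, audit_userinit(read_live_userinit()) applies the same check to the live value; an "unexpected" verdict means the entry needs review, not that it is this trojan.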
Buzus also downloads and installs several malicious files on the infected system. It is associated with the Zbot family and steals banking information from the infected system. This trojan is also known as Trojan-Spy:W32/Zbot.IQJ, Win32/Spy.Zbot.NB, W32/Banger.EIIP, Troj/Bckdr-QSL. The Trojan.Win32.Buzus.arqx variant appeared on 24th March 2009.
How can I protect my system?
Solo has incorporated Trojan.Win32.Buzus.arqx in its signature file to protect users from this trojan attack. Registered Solo antivirus users are already protected from this trojan. Make sure that you have installed a registered version of Solo Antivirus to protect your system from all virus threats.
How to remove this Trojan?
If you are already infected with this trojan, you can remove it from your computer using Solo Antivirus software. Solo antivirus can detect and remove Trojan.Win32.Buzus.arqx safely. Use the following link to download the 30-day trial version of Solo antivirus to remove viruses from your computer.

Solo anti-virus not only scans for all viruses, it also contains a unique System Integrity Checker to protect you from new Internet worms, backdoors and malicious VB and Java scripts. It also effectively removes all existing Internet worms, file viruses, malicious VBS and Java scripts, Trojans, backdoors, and boot sector, partition table and macro viruses.
You can purchase Solo antivirus using the link
