
USPS REPORT.EXE PROCESS INFORMATION

Process Name  : USPS Report.exe

Process type    : Worm

Malware Name : Downloader.Dromedan

Alias : Win32:Konar [Trj], Worm.Win32.Gamarue!IK, W32/Trojan3.DAJ, W32/Kryptik.CQW!tr, Win32:Konar, Artemis!E716BEF8827E, Downloader.Dromedan, Mal/FakeAV-OQ, WORM_GAMARUE.B

Threat level : Low

Process Details

Downloader.Dromedan is a network worm that is spammed via e-mail in a ZIP file, USPS report.zip (20.6 KB).

The infected mail message body is given below.

Hello!

Unfortunately we failed to deliver the postal package you have sent on the 19th of September in time because the recipient's address is erroneous.

Please print out the shipment label attached and collect the package at our office.

United States Postal Service

The subject of the infected message is "USPS Delivery Failure Notification" and the from address is "U.S Postal Service".

When the e-mail attachment USPS Report.exe inside the ZIP file is executed, it copies itself to %TEMP%\<8 hexadecimal characters>.com (example of the %TEMP% folder: C:\Windows\temp) and modifies the registry key HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run so that it loads automatically at the next startup.

The Downloader.Dromedan worm spreads by copying itself to removable storage devices such as pen drives. It also drops several copies of itself on the infected system and on network drives. Additionally, it attempts to place an autorun.inf file in the root directory of the drive, so that the infected file is executed the next time the drive is accessed.

On a removable drive such as a pen drive, the Downloader.Dromedan worm creates the file diskrun.exe and creates <Pen Drive Root>\autorun.inf so that it loads automatically. It is also known as Win32:Konar [Trj], Worm.Win32.Gamarue!IK, W32/Trojan3.DAJ, W32/Kryptik.CQW!tr, Win32:Konar, Artemis!E716BEF8827E, Downloader.Dromedan, Mal/FakeAV-OQ, WORM_GAMARUE.B.
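The indicators described above (a Run-key value pointing at %TEMP%\<8 hexadecimal characters>.com, and a removable drive root holding both diskrun.exe and autorun.inf) can be checked with a short script. This is an added example, not Solo's code: the function names, the inventory format and the sample values are constructed, and it assumes the Run-key values and drive listings have already been collected from the host.

```python
import re
from pathlib import PureWindowsPath

# Indicators taken from the description above.
RUN_KEY = r"HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run"
TEMP_COPY = re.compile(r"^[0-9a-f]{8}\.com$", re.IGNORECASE)
DROPPED_NAME = "diskrun.exe"

def is_temp_copy(path, temp_dir):
    """True if path is <8 hex chars>.com located directly in temp_dir."""
    p = PureWindowsPath(path.strip('"'))
    # PureWindowsPath compares case-insensitively, as Windows does.
    return p.parent == PureWindowsPath(temp_dir) and bool(TEMP_COPY.match(p.name))

def autorun_targets(text):
    """Commands an autorun.inf would launch (open, shellexecute, shell\\...\\command)."""
    targets, in_section = [], False
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("["):
            in_section = line.lower() == "[autorun]"
        elif in_section and "=" in line:
            key, value = (s.strip() for s in line.split("=", 1))
            key = key.lower()
            if key in ("open", "shellexecute") or key.endswith("\\command"):
                targets.append(value)
    return targets

def scan(run_values, temp_dir, drive_roots):
    """run_values: {value name: data} read from RUN_KEY.
    drive_roots: {drive root: {file name: text content}} for removable drives."""
    findings = []
    for name, data in run_values.items():
        if is_temp_copy(data, temp_dir):
            findings.append(("run-key", name, data))
    for root, files in drive_roots.items():
        names = {n.lower(): body for n, body in files.items()}
        if DROPPED_NAME in names and "autorun.inf" in names:
            findings.append(("removable", root, autorun_targets(names["autorun.inf"])))
    return findings

# Constructed sample inventory (not taken from a real host).
SAMPLE_RUN = {"1a2b": r"C:\Windows\Temp\0f3a9c7e.com",
              "Updater": r"C:\Program Files\App\update.exe"}
SAMPLE_DRIVES = {
    "E:\\": {"AUTORUN.INF": "[AutoRun]\nopen=diskrun.exe\n", "diskrun.exe": ""},
    "F:\\": {"autorun.inf": "[autorun]\nicon=setup.ico\n", "setup.exe": ""},
}

if __name__ == "__main__":
    for finding in scan(SAMPLE_RUN, r"c:\windows\temp", SAMPLE_DRIVES):
        print(finding)
```

A match is a lead for follow-up, not a verdict: other software may also use autorun.inf or write .com files to the temporary folder.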

How can I protect my system?

Solo has incorporated Downloader.Dromedan in its signature file to protect users from this trojan attack. Registered users of Solo Antivirus are already protected from this trojan. Make sure that you have installed a registered version of Solo Antivirus to protect your system from all virus threats.

How to remove this Trojan?

If you are already infected with this trojan, you can remove it from your computer using Solo Antivirus software. Solo Antivirus can detect and remove the Downloader.Dromedan worm safely. Use the following link to download the 30-day trial version of Solo Antivirus to remove viruses from your computer.

Solo Antivirus not only scans for all viruses; it also contains a unique System Integrity Checker to protect you from new Internet worms, backdoors, and malicious VBS and Java scripts. It also effectively removes all existing Internet worms, file viruses, malicious VBS and Java scripts, trojans, backdoors, and boot sector, partition table and macro viruses.

You can purchase Solo antivirus using the link