Aliases: N/A
Variants: N/A

Classification: Malware
Category: Trojan Horse

Status: Active & Spreading
Spreading: Slow
Geographical info: Asia, North and South America, and some parts of Europe and Australia
Removal: Easy
Platform: W32
Discovered: 01 Jul 2003
Damage: Low

Characteristics: The W32.Trabajo application is a Trojan horse that utilizes an icon of standard folder of Windows to mislead you into thinking that it is a true folder. When you click the icon of the trojan's folder two times, this Trojan will be performed.

More details about W32.Trabajo

Once the W32.Trabajo was executed, it replicates itself as %System%\Wininit.com, %System%\Rundll32.com or %Windir%\Msgsrv32.com. The %System%\ and or %Windir%\ are variables. The W32.Trabajo searches for the folder of the Windows installation and replicate itself to the found location. This is the C:\Winnt or the C:\Windows by default. Also it replicate itself to the C:\Windows\System32 (only Windows XP), C:\Winnt\System32 (Windows 2000 and Windows NT), or C:\Windows\System (Windows Me, Windows 98, and Windows 95). The Trojan also adds a several values in the key of the registry, so that in case the Windows starts, the Trojan will run at the same time.

The files installed by the W32.Trabajo program are located on the Windows system folder. It drops a Dynamic Link Library (DLL) file. The DLL file provides the hijacking capabilities of the application. The program makes modifications on the system’s registry upon installation. It adds a registry entry which allows the program to execute automatically at every Windows start-up. The W32.Trabajo application functions on Windows operating systems.