Remove Downloader.Lapurd

Posted on: June 15th, 2009


Discovered: June 10, 2009
Updated:

June 11, 2009 11:52:54 AM
Type:

Trojan
Systems Affected:

Windows XP, Windows Vista, Windows NT, Windows Server 2003, Windows 2000
Recommended Action:
In order to Remove Downloader.Lapurd you need to Download the ‘No Adware’ remover software. Based on our testing this was the best peforming remover of Downloader.Lapurd ..

No Adware Review

Technical Details:
This Trojan typically arrives as a file with the following name, embedded within
another file named details.rtf:
Microsoft Word EndNote x2 error.

This gives the appearance that, when opened in Microsoft Word, there has been
an error. When the .scr file within the .rtf file is double clicked, the Trojan is executed.

The Trojan then creates the following file:
%UserProfile%\Application Data\wks.exe

The Trojan creates the following registry entry, so that it starts when Windows
starts:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Current
Version\Run\”Windows32KernelStart” = “%UserProfile%\Application Data\wks.exe”

It also creates the following registry entry:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Current
Version\Policies\System\”EnableLUA” = “0″

The Trojan then connects to the following URLs and downloads potentially
malicious files:

* [http://]12oaks.net/htmlserver/inde[REMOVED]
* [http://]bluegorillamedia.net/Scripts/ActiveContent/inde[REMOVED]
* [http://]jchamorro.com/drupal/sites/website/inde[REMOVED]
Action Steps:
FREE SCAN: NoAdware can Remove Downloader.Lapurd. Click the link below for your free download & scan your PC now.

Please click here for manual removal instructions.

Posted on Monday, June 15th, 2009 at 4:58 am - filed under Blog, Trojan.