[MALWARE] Retadpu.exe and Kaspersky


Retadpu.exe is a Trojan downloader (a variant of the Downloader-BCF trojan) that can cause considerable damage if it is not blocked by an antivirus product.

Here are some characteristics of the virus:

First seen: Apr 23 2007
File Size: 45,056 bytes
Product Information: Updater MFC Application
Version Information: 1, 0, 0, 1


.:: Symptoms ::.

Presence of Retadpu.exe in the %Windir% folder.

.:: Activity ::.


Installs programs.
Deletes programs.
Invokes dll components.
Creates Run Keys.
Runs other programs.
Communicates with web sites using httpout protocols.
Hijacks running processes.
Has outbound communications.
Creates known malware.
Creates copies of itself.
Task Manager is disabled.
Desktop appears and disappears.

It also seems that, if Kaspersky AV is installed, it somehow makes Kaspersky unusable (I am interested in reversing this); the only solution is an external removal with NoAdware or SpyBot.

NOD32 does not seem to be vulnerable.
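
A triage check for the symptoms and activity listed above, as an added example that is not part of the original post. The file name, size and product string come from the post; the Run key locations and the `DisableTaskMgr` policy value are assumptions, since the post does not say which keys are written or how Task Manager is disabled.

```powershell
# Added triage example, not from the original post.
# From the post: Retadpu.exe in %Windir%, 45,056 bytes, "Updater MFC Application".
# Assumed (not stated in the post): which Run keys are used, and that
# Task Manager is disabled through the DisableTaskMgr policy value.
$name         = 'Retadpu.exe'
$expectedSize = 45056
$findings     = @()

# 1. Symptom from the post: the file sits in %Windir%.
$path = Join-Path $env:windir $name
if (Test-Path -LiteralPath $path) {
    $file = Get-Item -LiteralPath $path -Force   # -Force also returns hidden files
    $info = $file.VersionInfo
    $findings += [pscustomobject]@{
        Check  = 'File in %Windir%'
        Detail = "$path size=$($file.Length) sizeMatch=$($file.Length -eq $expectedSize) " +
                 "product='$($info.ProductName)' description='$($info.FileDescription)'"
    }
}

# 2. "Creates Run Keys": list autostart values whose data names the file.
$runKeys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $reg = Get-Item -Path $key
    foreach ($valueName in $reg.GetValueNames()) {
        $data = [string]$reg.GetValue($valueName)
        if ($data -match [regex]::Escape($name)) {
            $findings += [pscustomobject]@{ Check = 'Run key'; Detail = "$key\$valueName = $data" }
        }
    }
}

# 3. "Task Manager is disabled": check the policy value (assumed mechanism).
foreach ($hive in 'HKCU:', 'HKLM:') {
    $policy = "$hive\Software\Microsoft\Windows\CurrentVersion\Policies\System"
    $prop = Get-ItemProperty -Path $policy -Name DisableTaskMgr -ErrorAction SilentlyContinue
    if ($prop -and $prop.DisableTaskMgr -eq 1) {
        $findings += [pscustomobject]@{ Check = 'Task Manager policy'; Detail = "$policy DisableTaskMgr=1" }
    }
}

if ($findings) { $findings | Format-List } else { 'No indicators from the post were found.' }
```

A file name match alone is weak evidence; the size and version fields reported for the file help tell this sample apart from an unrelated file with the same name.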

See you in the next post 🙂

