[INFO]
AnalystName=Vaishnavi.V.K
AnalystEMailID=vaishnavik@comodo.com
Team=India
Date=06-FEB-2010
Type=TrojWare
Platform=Win32
Subtype=
Family=Geral
Variant=AA

[OVERVIEW]
This Trojan downloads various malware programs from malicious websites.

[TECHNICAL_DESCRIPTION]
Disables the NOD32 AV service and kills the NOD32 AV executables using the command-line instructions below:

cmd /c sc config ekrn start= disabled
cmd /c taskkill.exe /im ekrn.exe /f
cmd /c taskkill.exe /im egui.exe /f

Files Added:
%SystemRoot%\aaXXXXXXX.exe [where XXXXXXX is a random number]

The dropped file downloads additional malware.
It creates a mutex named XETTETT......
Copies itself to %SystemRoot%\system32 as kav32.exe and creates an autorun entry to execute the malware automatically on all drives.

[SYMPTOMS]
Presence of aaXXXXXXX.exe (file size: 13,312 bytes) in %SystemRoot% [where XXXXXXX is a random number]

[DISINFECTION]
Delete aaXXXXXXX.exe (file size: 13,312 bytes) in %SystemRoot% [where XXXXXXX is a random number]
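The indicators in this record turned into a read-only host triage check, added here as an example and not part of the Comodo record. It assumes the random part of the dropper name is purely numeric (the record only says "random number") and that the "autorun entry in all drives" is an autorun.inf in each drive root referencing kav32.exe.

```powershell
# Added triage script (not part of the Comodo record). Read-only checks for the
# indicators described above: the dropper in %SystemRoot%, the kav32.exe copy,
# the tampered ekrn (NOD32) service and the per-drive autorun entry.
$findings = @()

# 1. Dropper: aa<random number>.exe, 13,312 bytes, in %SystemRoot%.
#    Assumption: the random part is purely numeric (the record says "random number").
Get-ChildItem -Path $env:SystemRoot -Filter 'aa*.exe' -File -ErrorAction SilentlyContinue |
    Where-Object { $_.Name -match '^aa\d+\.exe$' -and $_.Length -eq 13312 } |
    ForEach-Object { $findings += "Dropper candidate: $($_.FullName) ($($_.Length) bytes)" }

# 2. Copy of the malware as kav32.exe in system32 (a legitimate-looking name).
$kav = Join-Path $env:SystemRoot 'system32\kav32.exe'
if (Test-Path -LiteralPath $kav) { $findings += "Malware copy present: $kav" }

# 3. NOD32 service tampering: the sample runs 'sc config ekrn start= disabled'.
$ekrn = Get-CimInstance Win32_Service -Filter "Name='ekrn'" -ErrorAction SilentlyContinue
if ($ekrn -and $ekrn.StartMode -eq 'Disabled') {
    $findings += "NOD32 service 'ekrn' is set to Disabled (StartMode=$($ekrn.StartMode))"
}

# 4. Autorun entry on every drive. Assumption: an autorun.inf in each drive root
#    that references kav32.exe; the record only says "autorun entry in all drives".
foreach ($drive in Get-PSDrive -PSProvider FileSystem) {
    $inf = Join-Path $drive.Root 'autorun.inf'
    if ((Test-Path -LiteralPath $inf) -and (Select-String -Path $inf -Pattern 'kav32\.exe' -Quiet)) {
        $findings += "autorun.inf referencing kav32.exe on $($drive.Root)"
    }
}

if ($findings.Count -eq 0) { 'No Geral.AA indicators found.' } else { $findings }
```

Run from an elevated prompt so that %SystemRoot%, system32 and every drive root are readable; the script only reports and does not delete anything.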