[INFO]
AnalystName=Andrei Brasoveanu
AnalystEMailID=brasoveanua@comodo.com
Team=Romania
Date=03-AUG-2010
Type=TrojWare
Platform=Win32
SubType=TrojanProxy
Family=Glukerlira
Variant=

[OVERVIEW]
This trojan belongs to the trojan-proxy family, a special type of trojan designed to use the victim's computer as a proxy server.

[TECHNICAL_DESCRIPTION]
Initially, this type of malware behaves like a multi-dropper: two or more files with different purposes are dropped at specific locations on the local hard drive. One file (named ltltlt.exe.exe, where lt stands for a letter and all three letters are identical) is always dropped in the same directory where the multi-dropper was found (and accidentally executed), and serves as the component that makes the necessary changes for the proxy server. The second component is a backdoor server, such as Bifrost, ProRat or Cerberus. It is usually located in folders such as "Program Files" and "System32", and grants the attacker the ability to execute arbitrary code and other commands of his choosing on the infected computer.

[SYMPTOMS]
Simple operations on files and windows (browsing/exploring, opening/closing, maximizing/minimizing, renaming/deleting, etc.) that are not issued by the user indicate the presence of a server-based hacker intrusion.

[DISINFECTION]
Install Comodo Internet Security and scan your computer with it to remove these threats.