Welcome to the Virus Encyclopedia of Panda Security.
Dedler.BD disables several system services, attempts to connect to several IRC servers, and attempts to download a certain file. It is distributed by two different means: it is either downloaded by Trj/Downloader.ENC or installed after the user clicks a banner that poses as a Panda Security program for removing the worm Zotob.
| First detected on: | Sept. 1, 2005 |
| Detection updated on: | Sept. 1, 2005 |
| Yes, using TruPrevent Technologies |
Dedler.BD is a worm that disables the services associated with the firewall and the Windows XP Security Center, Windows Update and several antivirus programs.
Additionally, it attempts to connect to several IRC servers and to download a file from the upseek.org domain.
A DLL (Dynamic Link Library) has also been found which, although it is not part of the executable file of Dedler.BD, is detected as Dedler.BD. This DLL creates an SMTP server on the affected computer and uses it to send spam.
There are at least two means of distribution of Dedler.BD: it can be hosted on a malicious web page, where it poses as a Panda Security program for removing the worm Zotob, or it can be downloaded by the Trojan detected as Downloader.ENC.
Dedler.BD is difficult to recognize, as it does not display any messages or warnings that indicate it has reached the computer.
However, the version downloaded from several malicious web pages can be easily recognized:
- It poses as a Panda Security program for removing the worm Zotob:
Please note that the text of the banner has spelling and grammatical mistakes.
- When the downloaded file is run after clicking the banner, it displays the following message on screen: