KBL Webdownloader

· Overview ·
· Origins ·
· Operation ·
· Detection and Removal ·
· Research ·

Overview

Vendor Notes:

 from the doc: '*K.B.L. stands for KILL BIN LADEN. *This is a Firewall + Lan bypasser webdownloader. *Server is packed with upx v1.22. << THX to: >> *APHEX,AKCOM,READ101,STAN & MADSHI. << NEW IN THIS VERSION >> *Much better injection method (only added 3kb to server). Satan_addict'

Alias:

 TrojanDownloader.Win32.KBLdown

Category:

Downloader: A program designed to retrieve and install additional files, when run. Most will be configured to retrieve from a designated web or FTP site.

Variants:
  • KBL Webdownloader 1.1
  • KBL Webdownloader 1.2
  • KBL Webdownloader FW+LB 1.1
    		•

    Similar Pests:

    		 Downloader

    Origins

    Author:

    		 Satan_addict

    Group:

    		 Satanzcrew

    By This Group:

    		 Bachdoor.Coldfuson.11 ·

    Programming Language:

    		 Delphi. Compressed with UPX.

    Date of Origin:

    		 Variants from September, 2002 to December, 2002

    Operation

    Storage Required:
  • KBL Webdownloader 1.2: at least 537 KB
  • KBL Webdownloader FW+LB 1.1: at least 349 KB
    		•

    Restart:

    		 none.
    Autostarting Pests

    ScreenShot:


    K.B.L. WebdownLoader 1.1


    K.B.L. WebdownLoader 1.2

    Detection and Removal

    Automatic Removal:

    PestPatrol detects this.

    PestPatrol removes this.

    Manual Removal:

    		 Follow these steps to remove KBL Webdownloader from your machine. Begin by backing up your registry and your system, and/or setting a Restore Point, to prevent trouble if you make a mistake.
    Stop Running Processes:

    Kill these running processes with Task Manager:

    Remove Files:

    Remove these files (if present) with Windows Explorer:

    Research

    File Analyses:

    More Info:
  • AllTheWeb, AltaVista, AOL Search, Ask Jeeves, Google, HotBot, Lycos, LookSmart, MSN, Yahoo!
    		•

    Research By:
  • PestPatrol's Pest Research Center
    		•

    Last Revised:

    		 July 30, 2004