
Downloader.Tooncom

Risk Level 1: Very Low

Discovered: October 27, 2003
Updated: February 13, 2007 12:14:56 PM
Also Known As: TrojanDownloader.Win32.Tooncom
Type: Trojan Horse
Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows XP

Downloader.Tooncom is a Trojan Horse that consists of two files, Loader.exe and iedll.exe.

This Trojan overwrites the Windows Hosts file, which is used for name resolution. The Trojan also modifies the Internet Explorer Search and Home pages, as well as Favorites.



The following instructions describe how to repair the Windows Hosts file so that the name resolution entries added by the Trojan no longer redirect you to 66.40.16.131.
  1. Using Windows Explorer, look for the Windows Hosts file in the following locations, if the locations exist:
    • C:\Windows\System32\Drivers\Etc\hosts
    • C:\Windows\hosts
    • C:\Winnt\System32\Drivers\Etc\hosts
    • C:\Winnt\hosts
    • D:\Windows\System32\Drivers\Etc\hosts
    • D:\Windows\hosts
    • D:\Winnt\System32\Drivers\Etc\hosts
    • D:\Winnt\hosts

  2. For each hosts file that you find, double-click the file.
  3. When the "Open With" dialog box appears, scroll through the list and select Notepad. Do not check the "Always open this program with..." box.
  4. Within the file, delete any lines that begin with 66.40.16.131.
  5. Save the Hosts file.
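
The same check and cleanup can be scripted for administrators who need to repeat it across several machines. The PowerShell below is an added example, not a Symantec tool: the `Split-HostsLines` helper, the `-Apply` switch and the `.bak` backup name are assumptions of this example. Run without `-Apply`, it only reports which of the listed Hosts files contain entries for 66.40.16.131.

```powershell
# Added example (not part of the original writeup). Report-only unless -Apply is given.
param([switch]$Apply)

$BadAddress = '66.40.16.131'   # address named in the removal instructions

# Candidate Hosts file locations from step 1
$Candidates = @(
    'C:\Windows\System32\Drivers\Etc\hosts',
    'C:\Windows\hosts',
    'C:\Winnt\System32\Drivers\Etc\hosts',
    'C:\Winnt\hosts',
    'D:\Windows\System32\Drivers\Etc\hosts',
    'D:\Windows\hosts',
    'D:\Winnt\System32\Drivers\Etc\hosts',
    'D:\Winnt\hosts'
)

# Hypothetical helper: separate the lines whose address field is exactly $Address.
function Split-HostsLines {
    param([string[]]$Lines, [string]$Address)
    $keep = @(); $drop = @()
    foreach ($line in $Lines) {
        # The first whitespace-delimited field of a Hosts entry is the IP address.
        # Comparing the whole field avoids prefix matches and leaves comments alone.
        $first = ($line.Trim() -split '\s+')[0]
        if ($first -eq $Address) { $drop += $line } else { $keep += $line }
    }
    return @{ Keep = $keep; Drop = $drop }
}

foreach ($path in $Candidates) {
    if (-not (Test-Path -LiteralPath $path -PathType Leaf)) { continue }
    $lines  = @(Get-Content -LiteralPath $path)
    $result = Split-HostsLines -Lines $lines -Address $BadAddress
    if ($result.Drop.Count -eq 0) {
        Write-Output ('{0}: no entries for {1}' -f $path, $BadAddress)
        continue
    }
    Write-Output ('{0}: {1} entry line(s) for {2}' -f $path, $result.Drop.Count, $BadAddress)
    $result.Drop | ForEach-Object { Write-Output ('    ' + $_) }
    if ($Apply) {
        # Keep a copy of the modified file for later analysis, then rewrite without the entries.
        Copy-Item -LiteralPath $path -Destination ($path + '.bak') -Force
        Set-Content -LiteralPath $path -Value $result.Keep -Encoding Default
    }
}
```

Writing to the System32 locations requires an elevated session, and the `.bak` copy still contains the removed entries, so treat it as evidence rather than as a file to restore.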


Antivirus Protection Dates

  • Initial Rapid Release version October 27, 2003
  • Latest Rapid Release version July 25, 2011 revision 039
  • Initial Daily Certified version October 27, 2003
  • Latest Daily Certified version July 26, 2011 revision 002
  • Initial Weekly Certified release date October 29, 2003

Threat Assessment

Wild

  • Wild Level: Low
  • Number of Infections: 0 - 49
  • Number of Sites: 0 - 2
  • Geographical Distribution: Low
  • Threat Containment: Easy
  • Removal: Easy

Damage

  • Damage Level: Low

Distribution

  • Distribution Level: Low
Writeup By: Fergal Ladley
