# Virus

## W32/Injector.DRPD!tr

### Analysis

W32/Injector.DRPD!tr is a generic detection for a trojan. Since this is a generic detection, malware that are detected as W32/Injector.DRPD!tr may have varying behaviour.
Below are examples of some of these behaviours:

• This malware may drop any of the following file(s):
• %AppData%\subfolder\filename.scr : This file is detected as W32/Injector.DRPD!tr.
• %StartUp%\filename.vbe : This file serves as the autostart for filename.scr.
• %Temp%\[Random].bat : This file is detected as BAT/Small.NAN!tr.

• This malware may connect to any of the following remote sites(s):
• myp0nysit{Removed}.ru
• hxxp://engrseltev{Removed}.com/king/panel/gate.php
• streetcode{Removed}.com

• The original copy of the malware is deleted after execution.

### Recommended Action

• Make sure that your FortiGate/FortiClient system is using the latest AV database.
• Quarantine/delete files that are detected and replace infected files with clean backup copies.