Threat Research & Response Blog
A relatively new trojan has been making the rounds and causing some problems, particularly on Windows XP systems. Trojan:Win32/Daonol is malware which hooks various system calls in order to steal credential information and redirect some Web traffic. It also protects itself by keeping some security-related software from running.
Several recent versions of this malware are buggy and prevent computers from successfully shutting down or (more importantly) starting up. If you have (or someone you know has) a Windows XP system which won’t boot completely (i.e., it shows the ‘Windows XP’ splash screen with the progress bar, but then the screen turns black and the system never finishes starting up), it’s likely a Daonol infection. Visit our write-up for Trojan:Win32/Daonol to find instructions on cleaning Daonol off your system if you think you are infected.
Another obvious symptom of infection is that regedit.exe and cmd.exe will not launch properly. To see if this is the case, navigate to Start->Run and enter regedit.exe. If nothing happens after a few seconds, most likely you are infected with Daonol. If you launch cmd.exe in the same way, you will see a command-prompt window but no text will appear in the window itself. Daonol allows the regedit and cmd processes to launch, but it forces them into a suspended state and doesn’t allow them to do anything.
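The manual check above can be scripted for triage. The following PowerShell function is an added example, not code from the original post or from Microsoft; it launches cmd.exe with a command that should make it exit immediately, and if the process is still alive after a grace period it inspects the process's threads through the standard System.Diagnostics.Process API to see whether every thread is parked in the Suspended wait state, which is the behaviour the post describes. The function name, parameter names and the five-second timeout are assumptions chosen for this example.

```powershell
# Added example (not from the original post). Scripted version of the
# "does cmd.exe actually run?" check described above. Assumes a Windows host
# with PowerShell; the timeout and names below are arbitrary choices.
function Test-SuspendedLaunch {
    param(
        [string]$Exe = 'cmd.exe',
        [string[]]$Arguments = @('/c', 'exit'),   # healthy cmd.exe exits at once
        [int]$WaitSeconds = 5
    )

    $p = Start-Process -FilePath $Exe -ArgumentList $Arguments -PassThru -WindowStyle Hidden

    # A normal cmd.exe /c exit returns well within the grace period.
    if ($p.WaitForExit($WaitSeconds * 1000)) {
        return [pscustomobject]@{ Exe = $Exe; Suspended = $false; Result = 'Exited normally' }
    }

    # Still running: look at the thread states. WaitReason is only valid when
    # ThreadState is Wait, so guard the read to avoid an exception.
    $p.Refresh()
    $threads   = @($p.Threads)
    $suspended = @($threads | Where-Object {
        $_.ThreadState -eq 'Wait' -and $_.WaitReason -eq 'Suspended'
    })
    $allSuspended = ($threads.Count -gt 0) -and ($suspended.Count -eq $threads.Count)

    # Do not leave the probe process behind.
    try { $p.Kill() } catch { }

    [pscustomobject]@{
        Exe       = $Exe
        Suspended = $allSuspended
        Result    = if ($allSuspended) {
                        'Launched but every thread is suspended (matches the symptom described above)'
                    } else {
                        'Still running after timeout, but not fully suspended (inconclusive)'
                    }
    }
}

Test-SuspendedLaunch | Format-List
```

A process that is merely slow to start will show up as "inconclusive" rather than "suspended", so treat only the all-threads-suspended result as the strong indicator; confirm with the write-up's cleaning instructions or a scan rather than acting on this check alone.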
Microsoft Security Essentials can detect and remove all known variants of Daonol, as well as keep you from being infected by it in the first place. If you aren’t using an anti-malware solution, do yourself a favor and head over there for a free copy of Microsoft Security Essentials.
Stay safe out there on the interwebs,

Aaron Putnam