FRISK Software International

Summary of W32/Downloader.ANCJ
Discovered: 14 Nov 2006
Definition files: 14 Nov 2006
Risk Level: Medium

Brief Description
W32/Downloader.ANCJ is a Trojan that downloads other malicious files and executes them.

Technical Description
W32/Downloader.ANCJ was spammed as an attachment to an e-mail that claimed to come from eBay. The attachment is named Ebay.pdf.exe and has the same icon as PDF files on systems that have Acrobat Reader installed. This is done to trick the user into thinking it is safe to double-click the file.
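A mail-gateway style check for the double-extension disguise described above, as an added example that is not FRISK's code. The extension lists, function names and sample message are assumptions constructed for illustration.

```python
import email
from email import policy

# Assumed extension lists for illustration; adjust to local policy.
EXECUTABLE_EXTS = {"exe", "scr", "pif", "com", "bat", "cmd"}
DECOY_EXTS = {"pdf", "doc", "xls", "txt", "jpg", "gif", "zip"}

def is_double_extension(filename):
    """True if the name ends in <document ext>.<executable ext>."""
    # Windows ignores trailing dots and spaces, so strip them before checking.
    name = filename.strip().rstrip(". ").lower()
    # Padding spaces before the final extension can push it out of view.
    parts = [p.strip() for p in name.split(".")]
    return (len(parts) >= 3
            and parts[-1] in EXECUTABLE_EXTS
            and parts[-2] in DECOY_EXTS)


def suspicious_attachments(raw_message):
    """Return filenames in a raw MIME message that use a double extension."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    hits = []
    for part in msg.walk():
        filename = part.get_filename()  # decodes RFC 2231 parameters too
        if filename and is_double_extension(filename):
            hits.append(filename)
    return hits


# Constructed sample message with placeholder text bodies (no real payload).
SAMPLE = "\r\n".join([
    "Subject: constructed sample",
    "MIME-Version: 1.0",
    'Content-Type: multipart/mixed; boundary="b1"',
    "",
    "--b1",
    'Content-Disposition: attachment; filename="Ebay.pdf.exe"',
    "",
    "placeholder",
    "--b1",
    'Content-Disposition: attachment; filename="invoice.pdf"',
    "",
    "placeholder",
    "--b1--",
    "",
]).encode("ascii")

if __name__ == "__main__":
    print(suspicious_attachments(SAMPLE))
```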

Upon execution, it displays the following message:

Acrobat 6 - Error "Warning" 20225

Next it tries to download files from a list of hardcoded Internet addresses. These files contain encrypted Internet addresses of other executables which it downloads and executes.

At the time of this writing the files downloaded were executables which try to steal usernames and passwords for such sites as eBay and e-gold.

Removal Instructions
For general removal instructions please click here.

Marteinn Þór Harðarson
