We were surprised by what we found while analyzing the Energizer USB Duo charger monitoring software (no longer available on the company's website), which we received a few days ago. Among the regular files installed on the computer, which are intended to monitor the condition of the batteries, is a file named Arucer.dll, which has nothing to do with the monitoring software and instead serves as a backdoor on infected computers.
The file is installed into the %system32% folder and adds a new "Run" key in the registry, which makes it run every time the computer starts up. The malware listens on port 7777, allowing remote attackers to connect to the computer to get any information or upload other malicious software. AVG detects this file as Trojan horse BackDoor.Generic12.AQFA.
It is very interesting to see the name of the author (apparently not from the Energizer company) in all the DLL files that belong to this software, malicious as well as clean. So after all, this does not seem to be a coincidence.
The solution is very simple: use AVG to remove this file. Hopefully, this time Energizer's bunny will not keep going and going and going.
(Thanks to Michal Cebak)
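The three indicators described above (the DLL in the system folder, the "Run" entry, and the listener on port 7777) can be checked with a read-only script. This is an added example, not AVG's tooling. It assumes the port is TCP and that the "Run" entry sits under one of the standard `CurrentVersion\Run` keys, neither of which the post specifies, and it also looks in `SysWOW64` because 64-bit Windows redirects `system32` writes made by 32-bit installers.

```powershell
# Added example: read-only triage for the indicators named in the post.
# Assumptions (not stated in the post): TCP port, standard Run key locations.
$dllName  = 'Arucer.dll'
$port     = 7777
$findings = @()

# 1. DLL in the system folder; SysWOW64 covers WOW64 file-system redirection.
$dirs = @([Environment]::SystemDirectory, (Join-Path $env:windir 'SysWOW64'))
foreach ($dir in $dirs) {
    $path = Join-Path $dir $dllName
    if (Test-Path -LiteralPath $path) {
        $hash = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
        $findings += "File present: $path (SHA256 $hash)"
    }
}

# 2. Run-key values whose data references the DLL (match is case-insensitive).
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
)
foreach ($key in $runKeys) {
    if (-not (Test-Path -LiteralPath $key)) { continue }
    $regKey = Get-Item -LiteralPath $key
    foreach ($name in $regKey.GetValueNames()) {
        $data = [string]$regKey.GetValue($name)
        if ($data -match [regex]::Escape($dllName)) {
            $findings += "Run value '$name' in $key -> $data"
        }
    }
}

# 3. Listener on the port. Other software may use 7777, so report the owner.
$listeners = Get-NetTCPConnection -State Listen -LocalPort $port -ErrorAction SilentlyContinue
foreach ($l in $listeners) {
    $proc = Get-Process -Id $l.OwningProcess -ErrorAction SilentlyContinue
    $findings += "TCP listener $($l.LocalAddress):$port, PID $($l.OwningProcess) ($($proc.ProcessName))"
}

if ($findings.Count -eq 0) {
    Write-Output "No indicators for $dllName found."
} else {
    $findings | ForEach-Object { Write-Output $_ }
}
```

A listener on port 7777 with no matching file or Run value is not conclusive on its own; treat the file and registry hits as the stronger signals.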



Actually, it left the bad dll on my system when I uninstalled. You should search your Windows directory for the file 'arucer.dll' which is the file you should delete. If you uninstalled, please check for this file.
Posted by: JD R | March 11, 2010 at 16:23
I can not thank people like Michal Cebak enough for their exposure and efforts to help alleviate those of us who can get dropped off a cliff with our electronics. What would we do without you? Thanks again. And Thank you AVG Lady K
Posted by: Kelly Roland | April 29, 2010 at 06:10