
Energizer distributes Trojan!


How surprised we were during our analysis of the Energizer USB Duo charger monitoring software (no longer available on the company's website), which we received a few days ago. Among the regular files installed on the computer to monitor the condition of the batteries, the software also installs a file named Arucer.dll, which has nothing to do with the monitoring software but serves as a backdoor on infected computers.

The file is installed into the %system32% folder and adds a new "Run" key in the registry, which makes it run every time the computer is started. The malware listens on port 7777, allowing remote attackers to connect to the computer to get any information or upload other malicious software. AVG detects this file as Trojan horse BackDoor.Generic12.AQFA.
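The three indicators described above (the DLL in the system folder, the "Run" entry, and the listener on port 7777) can be checked together on a host. The following is an added triage example, not AVG's tooling; it assumes Windows 8 / Server 2012 or later with PowerShell 4+, and, because the article does not say which Run key is used, it checks the common per-machine and per-user Run keys as well as the SysWOW64 folder.

```powershell
# Added example: triage for the indicators named in the article.
# Assumptions (not from the article): which Run keys to inspect, and that a
# 32-bit installer on 64-bit Windows may have written to SysWOW64 instead.
$findings = @()

# 1. Arucer.dll in the system folder(s).
foreach ($dir in 'System32', 'SysWOW64') {
    $dll = Join-Path $env:SystemRoot "$dir\Arucer.dll"
    if (Test-Path -LiteralPath $dll) {
        $hash = (Get-FileHash -LiteralPath $dll -Algorithm SHA256).Hash
        $findings += "File present: $dll (SHA256 $hash)"
    }
}

# 2. Run-key values whose data references Arucer.dll (match is case-insensitive).
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
)
$meta = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    foreach ($p in (Get-ItemProperty -Path $key).PSObject.Properties) {
        if ($p.Name -in $meta) { continue }   # skip registry provider metadata
        if ("$($p.Value)" -match 'arucer') {
            $findings += "Run value: $key\$($p.Name) = $($p.Value)"
        }
    }
}

# 3. Anything listening on TCP 7777. Other software can use this port, so a
#    listener alone is a lead to investigate, not proof of infection.
$listeners = Get-NetTCPConnection -State Listen -LocalPort 7777 -ErrorAction SilentlyContinue
foreach ($l in $listeners) {
    $proc = Get-Process -Id $l.OwningProcess -ErrorAction SilentlyContinue
    $findings += "Listener: $($l.LocalAddress):7777 PID $($l.OwningProcess) ($($proc.ProcessName))"
}

if ($findings) {
    $findings | ForEach-Object { Write-Warning $_ }
} else {
    Write-Output 'No Arucer.dll indicators found.'
}
```

Run it from an elevated prompt so the owning process of the listener can be resolved; the HKCU check only covers the user running the script.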

It is very interesting to see the name of the author (apparently not from the Energizer company) in all DLL files that belong to this software, malicious as well as clean. So, after all, this does not seem to be a coincidence.

The solution is very simple: use AVG to remove this file. Hopefully, this time Energizer's bunny will not keep going and going and going.

(Thanks to Michal Cebak)
