Description:
When the file infected with the Butano trojan is executed, a picture of a man is displayed, along with some Spanish dialog and two buttons, "Aceptar" and "Rechazar".
If the user clicks on the "Rechazar" button, the dialog box below will be displayed:
Clicking the "OK" button returns the user to the first screen. If the "Aceptar" button is clicked, a batch file is dropped to the Windows temp directory and executed. The batch file will delete the following files:
C:\AUTOEXEC.BAT
C:\CONFIG.SYS
C:\COMMAND.COM
C:\WINDOWS\WIN.COM
C:\WINDOWS\WIN.INI
C:\WINDOWS\SYSTEM.CD
C:\WINDOWS\USER.DAT
C:\WINDOWS\SYSTEM.DAT
This will render the system unusable after infection.
In addition, KILL.EXE (a legitimate piece of software) is dropped to the temp directory.
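A triage heuristic for batch files found in the temp directory, as an added example that is not part of the original write-up: it flags a script that deletes several of the files listed above. The function names, the threshold of three and both sample scripts are constructed, and it assumes the dropped script uses `del`, `erase` or `deltree`, which the description does not show.

```python
# Files the write-up lists as deleted by the dropped batch file.
TARGETS = {
    r"C:\AUTOEXEC.BAT", r"C:\CONFIG.SYS", r"C:\COMMAND.COM",
    r"C:\WINDOWS\WIN.COM", r"C:\WINDOWS\WIN.INI", r"C:\WINDOWS\SYSTEM.CD",
    r"C:\WINDOWS\USER.DAT", r"C:\WINDOWS\SYSTEM.DAT",
}

# Assumption: deletion is done with one of these DOS commands.
DELETE_CMDS = {"del", "erase", "deltree"}


def deleted_targets(script_text):
    """Return the listed system files that a batch script tries to delete."""
    hits = set()
    for line in script_text.splitlines():
        # Drop the leading '@' echo suppressor, then tokenise on whitespace.
        tokens = line.strip().lstrip("@").split()
        if not tokens or tokens[0].lower() not in DELETE_CMDS:
            continue
        for arg in tokens[1:]:
            # Switches such as /F never match; paths compare case-insensitively.
            path = arg.strip('"').upper()
            if path in TARGETS:
                hits.add(path)
    return hits


def is_suspicious(script_text, threshold=3):
    """Flag a script that deletes at least `threshold` of the listed files."""
    return len(deleted_targets(script_text)) >= threshold


# Constructed sample resembling the behaviour described above.
SAMPLE_DROPPED = "\n".join([
    "@echo off",
    r"del C:\AUTOEXEC.BAT",
    r'DEL /F "c:\windows\win.ini"',
    r"@erase C:\WINDOWS\SYSTEM.DAT C:\WINDOWS\USER.DAT",
])

# Constructed benign script: cleans temp files and only copies AUTOEXEC.BAT.
SAMPLE_BENIGN = "\n".join([
    "@echo off",
    r"del C:\TEMP\*.tmp",
    r"copy C:\AUTOEXEC.BAT C:\AUTOEXEC.BAK",
])

if __name__ == "__main__":
    print(sorted(deleted_targets(SAMPLE_DROPPED)), is_suspicious(SAMPLE_DROPPED))
    print(sorted(deleted_targets(SAMPLE_BENIGN)), is_suspicious(SAMPLE_BENIGN))
```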