Trojan:W32/Black.A: What you Need to Know

May 20, 2009
by Indre
read more articles by Indre What's your opinion?

You thought that it would never happen to you, but it happened! Unfortunately, now your computer has

been poisoned by the Packed.Win32.Black.a. infection. Be aware of the fact that this computer threat includes files which are packed with a stolen version of the Themida software protection program. So remember the characteristics of this trojan in order to protect your computer from harm.

Here are a few significant technical details on Trojan:W32/Black.A:

Name: Trojan:W32/Black.A
Detection Names: Packed.Win32.Black.a
Category: Malware
Type: Trojan
Platform: W32

As the program causes potential security doubts, it is difficult to place Trojan:W32/Black.A under any other group than malware. It has been discovered that stolen portion of this program is used to camouflage the malware portion. Identifying a file that has been packed with a stolen portion of Themida is the way to fight against this infection.

Take a look at this list of alias names for Trojan:W32/Black.A.

Trojan Horse

Trojan.Crypt!IK

TR/PCK.Black.A.3515

W32/Heuristic-210!Eldorado

Win32/Themida

Trojan.Packed.64742

Trojan.Packed.650

Win32.Packed.Black.A

W32/Heuristic-210!Eldorado

Trojan.Crypt

Trojan/Black.a

W32/Black.A

Packed.Win32.Black.a

Trojan.Packed.64742

GW-Edition Trojan.PCK.Black.A.3515

Generic!Artemis

New Malware.jn

Packed.Win32.Black.a

Mal/Generic-A

Trj/CI.A

Packed.Win32.Black.a

Table 1.The list of alias names

All users need to be attentive as the Trojan is protected with Themida so as to prevent the sample from being reverse-engineered. The Themida protection is actually being used by the threat to obscure manual threat research (for instance the sample would run unsuccessfully on a Virtual Machine).

To conclude, bear in mind that you can also find clean files that have been packed with the stolen version of Themida. If you come across a reliable file that is from a legitimate source and it has been identified as Packed.Win32.Black.a, you may choose to use the file by excluding it from real-time scanning. In addition, it is advisable to test distrustful files with different antiviruses.

Resources:
The alias list of the trojan
Defining Trojan:W32/Black.A
Review on the threat

Comments

palival anderson

My system infected by this malware after visiting a free game site. I have tried several antivirus software, all failed to remove. finally fixed my system with Solo Antivirus ( http://soloantivirus.com ) If face black.a virus removal problem, you can try this software.

left at May 22, 2010 2:30