W32/Dloader.OPN is a trojan. The trojan will infect Windows systems and spreads through email.
The trojan arrives as an email message spammed by another malware or a malicious user.
The subject of the infected mail will be:
Complaint Case Number JKTW553672
The body of the infected mail will be:
Dear Business Owner ,
This is an automated email that confirms the registration of your complaint case number : JKTW553672 filed by your company on August 09/2007 concerning Online Identity Theft.
While The Better Business Bureau Online does not resolve individual consumer problems, your complaint helps us investigate fraud, and can lead to law enforcement action.
You will find a copy of your complaint http://www.{BLOCKED}linfomart.com/dnd.php?complaint.pdf .Please print and keep this copy for your personal records. We use secure socket layer (SSL) encryption to protect the transmission of the information you submit to us when you use our secure online forms. The information you provided to us is stored securely.
The form you used to register this complaint is designed to improve public access to the Better Business Bureau of Consumer Protection Consumer Response Center, and is voluntary. Through this form, consumers may electronically register a complaint with the BBB.Under the Paperwork Reduction Act, as amended, an agency may not conduct or sponsor, and a person is not required to respond to, a collection of information unless it displays a currently valid OMB control number. The number is 936-924362.
Our staff will keep you updated regarding the status of our investigation.To check the status of your complaint please access www.bbb.org/complaints.asp
The email message contains a embedded malicious URL http://www.(Blocked)linfomart.com/dnd.php?complaint.pdf. When user clicks on it UPDATEFORM.SCR is downloaded on the system.
Upon execution the trojan drops winupdate.exe and Uninstall.exe in the Program Files\winupdate folder.
The trojan then executes the WINUPDATE.EXE file. As a result, the routines of the dropped file are exhibited on the infected system.
It also drops and installs the legitimate system file MSINET.OCX to properly execute WINUPDATE.EXE if this trojan is not able to find the said system file on the affected system.
The trojan then waits for an active Internet connection. If a connection is available, it connects to http://(Blocked).(Blocked).67.194/starts.php which contains a link to another malicious site, http://www.(Blocked)ews.ca/putty.exe.
It then downloads and executes the file PUTTY.EXE. As a result, the routines of the downloaded file can be exhibited on the infected system. After it successfully downloads the malicious file, the trojan terminates itself.
Proland
Software is the developer of Protector Plus range of antivirus software
packages. Protector Plus 2007 is available for Windows Vista, Windows 95/98/Me, Windows
XP, Windows NT/2000/2003 servers and workstations, MS-Exchange 2000/2003, MS-DOS
and NetWare servers.
Protector Plus range of antivirus products
offer on-line virus detection and removal. All the packages have the ability
to detect and isolate all types of viruses, trojans, worms and other types
of malware.
These products are updated on a continuous basis and the latest upgrades
for all the platforms are made available for downloading from this site.
About
Protector Plus Antivirus Software Packages:
Complaint Case Number JKTW553672 
