Protecting your computer from the DUQU malware with your Trend Micro program

Solution ID: 1059505
Last Updated: Oct. 16, 2014 11:15 PM (PST)

Product / Version: OfficeScan - 10.0, 10.5, 10.6, 11.0; Worry-Free Business Security Standard/Advanced - 6.0, 7.0, 8.0, 9.0
Platform: Windows - 2003 Enterprise, 2003 Enterprise 64-bit, 2003 Small Business Server, 2008 Enterprise, 2008 Essential Business Server, 2008 Server Core, 2008 Small Business Server, 2008 Standard, 2011 Small Business Server Essentials, 2011 Small Business Server Standard, 7 32-bit, 7 64-bit, Vista 32-bit, Vista 64-bit, XP Home, XP Professional, XP Professional 64-bit, 8 32-bit, 8 64-bit, 2012 Enterprise, 2012 Standard

Problem Description

Know how to protect your machine from the malware called DUQU.


DUQU may have been developed by the same cybercriminals who created STUXNET, given the similarities in their code and routines. However, unlike STUXNET, DUQU's payload does not include connecting to SCADA systems.
DUQU is made of the following components that work together:
  • RTKT_DUQU.A, a SYS file
  • 2 encrypted DLL components
These components work together to enable DUQU to connect with its C&C server to download other files. The main component is the RTKT_DUQU.A file. One of its downloaded files is the information stealer detected as TROJ_SHADOW.AF.
Below are Trend Micro solutions to protect yourself from the malware:
  • Smartscan Detection: TBL 11514.009.00, TBL 11584.018.00, OTH-CPR 8.508.05
  • CPR Detection: CPR 8.508.03
  • Smart Pattern Detection: CPR 8.508.05 (RTKT_DUQU.SME)
  • OPR Detection: OPR 8.429.00, OPR 8.509.00
