Reboot-T

This page shows the details and results of our analysis of the malware Reboot-T.

Overview

This is a trojan detection. Unlike viruses, trojans do not self-replicate. They are spread manually, often under the premise that they are beneficial or wanted. The most common installation methods involve system or security exploitation, and unsuspecting users manually executing unknown programs. Distribution channels include email, malicious or hacked web pages, Internet Relay Chat (IRC), peer-to-peer networks, etc.


Minimum DAT: 4237 (2002-12-11)
Updated DAT: 4237 (2002-12-11)
Minimum Engine: 5.1.00
File Length: 28,672 bytes
Description Added: 2002-12-03
Description Modified: 2002-12-04

Characteristics

This trojan sets a Registry key such that the victim machine restarts upon booting Windows. In testing, it does not work as designed on NT systems.

When run on the victim machine, the trojan displays a dialog box with a German message meaning 'Installation Successful'.

The following Registry key is also set:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
"Sdll32" = rundll32.exe user,exitWindows

Scanning and cleaning with the indicated engine/DATs will delete the trojan and remove this Registry key.

Symptoms

Machine restarting immediately after Windows starts, coupled with the existence of the above Registry key.
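
To check a machine for the Registry entry described above, the following added example (not part of the original description or of any vendor tool) scans saved `reg query` text output for Run values that invoke rundll32 with user,exitWindows. It goes slightly beyond the listed entry by matching any value name and ignoring case and spacing; the input layout (values indented four spaces, fields separated by four spaces) and the sample data are assumptions constructed for illustration.

```python
import re

# Autostart key named in the description, compared case-insensitively.
RUN_KEY = r"hkey_local_machine\software\microsoft\windows\currentversion\run"

# rundll32 calling the ExitWindows export of "user", tolerant of case,
# optional ".exe" suffixes, quotes and extra whitespace.
REBOOT_CMD = re.compile(
    r'\brundll32(\.exe)?"?\s+"?user(\.exe)?\s*,\s*exitwindows', re.I)

# One value line of `reg query` output (assumed layout): name, type, data.
VALUE_LINE = re.compile(r"^ {4}(?P<name>.+?) {4}(?P<type>REG_\w+) {4}(?P<data>.*)$")


def find_reboot_entries(reg_query_output):
    """Return (key, value_name, data) for matching values under the Run key."""
    hits, current_key = [], None
    for line in reg_query_output.splitlines():
        if not line.strip():
            continue
        if not line[0].isspace():      # unindented line is a key path header
            current_key = line.strip()
            continue
        m = VALUE_LINE.match(line)
        if not m or current_key is None or current_key.lower() != RUN_KEY:
            continue
        if m.group("type") in ("REG_SZ", "REG_EXPAND_SZ") and \
                REBOOT_CMD.search(m.group("data")):
            hits.append((current_key, m.group("name"), m.group("data")))
    return hits


# Constructed sample: one benign value, the entry from the description,
# and a differently named variant with altered case and spacing.
SAMPLE = r"""
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    ExampleTray    REG_SZ    C:\Program Files\Example\tray.exe
    Sdll32    REG_SZ    rundll32.exe user,exitWindows
    Helper    REG_SZ    RUNDLL32.EXE  USER.EXE , ExitWindows
"""

if __name__ == "__main__":
    for key, name, data in find_reboot_entries(SAMPLE):
        print(f"suspicious autostart: {key} -> {name} = {data}")
```
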

Method of Infection

The trojan sets a Registry key in order to put the victim machine in a reboot loop.

Removal

All Users:
Use current engine and DAT files for detection and removal.

Manual Removal Instructions

  • Restart Windows in Safe Mode
  • Delete the files mentioned above
  • Delete the registry keys as mentioned above
  • Restart the computer
