QDel356

This page shows the details and results of our analysis of the malware QDel356.

Overview

This is a trojan detection. Unlike viruses, trojans do not self-replicate. They are spread manually, often under the premise that they are beneficial or wanted. The most common installation methods involve system or security exploitation, and unsuspecting users manually executing unknown programs. Distribution channels include email, malicious or hacked web pages, Internet Relay Chat (IRC), peer-to-peer networks, etc.


Minimum DAT

4238 (2002-12-18)

Updated DAT

4306 (2003-11-26)

Minimum Engine

5.1.00

File Length

16,384 bytes

Description Added

2002-12-10

Description Modified

2002-12-10

Characteristics

This file purports to be a virus removal application. Upon running, this trojan displays the following error message:

The trojan searches the Windows directory for the following files and deletes any that it finds:

  • taskbar.bak
  • taskbar.exe
  • notepad.ini
  • win64.ini
  • winstat.ini
  • wbackup.ini
  • wcurrent.ini
  • winhelp.ini

Because the file is not referenced in any startup location and does not stay resident in memory, it performs no further actions after its initial run unless it is run again manually.

Symptoms

Appearance of error message as indicated above.

Method of Infection

Trojans do not self-replicate. They are spread manually, often under the premise that the executable is something beneficial. Distribution channels include IRC, peer-to-peer networks, newsgroup postings, etc. This trojan may be distributed under the pretense that it is a virus removal program.

Removal

All Users:
Use current engine and DAT files for detection and removal.

If the trojan executed on the system, the user may have to reinstall the operating system, all applications, and restore any documents from backup.
