QDial4

This page shows the details and results of our analysis of the malware QDial4.

Overview

This is a trojan detection. Unlike viruses, trojans do not self-replicate. They are spread manually, often under the premise that they are beneficial or wanted. The most common installation methods involve system or security exploitation, and unsuspecting users manually executing unknown programs. Distribution channels include email, malicious or hacked web pages, Internet Relay Chat (IRC), peer-to-peer networks, etc.


Minimum DAT: 4244 (2003-01-22)
Updated DAT: 4244 (2003-01-22)
Minimum Engine: 5.1.00
File Length: 98304
Description Added: 2003-01-15
Description Modified: 2003-01-22

Characteristics

This detection is for a TAPI dialer from Austria which tries to use a connected modem to establish a connection to an expensive 0930-xxxxxx number.


Note:
The trojan does not use the international dialup code for Austria. Outside of Austria, the trojan is able to establish connections, provided the number exists.

Symptoms

Unexpected dialing attempts from your modem.

Method of Infection

After execution, the program tries to dial a 0930 number unless there is no modem installed. It does not copy itself to the hard disk, nor does it add or change any Registry keys.

This trojan, coded in Visual Basic, does not distribute itself, but it may be offered in peer-to-peer (P2P) networks or sent via email by an attacker.

The program has the following icon:

The original filename was "IEcard.exe", but this might be changed.

Removal

All Users:
Use specified engine and DAT files for detection and removal.

Modifications made to the system Registry and/or INI files for the purpose of hooking system startup will be successfully removed when cleaning with the recommended engine and DAT combination (or higher).