|Detected||Aug 21 2002 20:00 GMT|
|Released||Aug 21 2002 20:00 GMT|
|Published||Aug 09 2007 13:43 GMT|
This Trojan has a malicious payload. It is a Windows PE EXE file. It is 11,264 bytes in size. It is packed using UPX. The unpacked file is approximately 24KB in size. It is written in C++.
When launched, the Trojan creates a thread which every second performs the following actions:
terminates all processes that contain one of the strings listed below in their names:
ANTIVIR WEBSCANX SAFEWEB ICMON CFINET CFINET32 AVP.EXE LOCKDOWN2000 AVP32 ZONEALARM ALERTSVC AMON.EXE AVPCC.EXE AVPM.EXE ESAFE.EXE PCCIOMON PCCMAIN POP3TRAP WEBTRAP AVCONSOL AVSYNMGR VSHWIN32 VSSTAT NAVAPW32 NAVW32 NMAIN LUALL LUCOMSERVER IAMAPP ATRACK MCAFEE FRW.EXE IAMSERV.EXE NSCHED32 PCFWALLICON SCAN32 TDS2-98 TDS2-NT VETTRAY VSECOMR NISSERV RESCUE32 SYMPROXYSVC NISUM NAVAPSVC NAVLU32 NAVRUNR NAVWNT PVIEW95 F-STOPW F-PROT95 PCCWIN98 IOMON98 FP-WIN NVC95 NORTON
scans the system for the Task Manager window and terminates it.
If your computer does not have an up-to-date antivirus, or does not have an antivirus solution at all, follow the instructions below to delete the malicious program:
This type of behaviour covers malicious programs that delete, block, modify, or copy data, disrupt computer or network performance, but which cannot be classified under any of the behaviours identified above.
This classification also covers “multipurpose” Trojan programs, i.e. those that are capable of conducting several actions at once and which demonstrate several Trojan behaviours in a single program. This means they cannot be indisputably classified as having any single behaviour.