Discussion in 'malware problems & news' started by Marianna, Feb 18, 2004.

Thread Status:
Not open for further replies.
  1. Marianna

    Marianna Spyware Fighter

    Apr 23, 2002
    B.C. Canada
    Date Discovered: 2/9/2004
    Date Added: 2/17/2004
    Origin: Unknown
    Length: 19,295 bytes
    12,797 bytes
    Type: Trojan

    Virus Characteristics

    This is trojan simply installs other trojans. It was being installed via an Internet Explorer exploit. Unsuspecting users who navigated to a specified website using a vulnerable web browser would become infected.

    At the time of this writing the website in question is no longer responding.

    Upon visiting the infectious web page, the Exploit-MhtRedir trojan would download and access a Microsoft Compiled Help file (CHM.CHM). Within this CHM file exists an HTML document LAUNCH.HTML, which contains the Exploit-CodeBase trojan to run the file MSTASK.EXE, which is the MultiDropper-GP.a trojan .

    Indications of Infection

    Presence of the following files:

    %WinDir%\msto32.dll (3,072 bytes) - KeyHook.dll application
    %WinDir%\svchost.exe (12,288 bytes) - Spy-Tofger trojan
    %WinDir%\Downloaded Program Files\mstasks.exe (25,852 bytes) - MultiDropper-GP.a trojan
    %SysDir%\mstu.exe (6,656 bytes) - ProcKill-BM trojan
    %SysDir%\wingua.exe (4,608 bytes) - MultiDropper-GP.b trojan
    Where %WinDir% is the Windows directory (c:\windows c:\winnt etc) and %SysDir% is the System directory (c:\windows\system32 c:\windows\system etc)

    Method of Infection

    This trojan is installed via an Internet Explorer vulnerability when visiting an infectious website.


    PHP_BIZAI.A (Trend)
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.