Virus masquerading as Kav av

Discussion in 'malware problems & news' started by Tinribs, Aug 22, 2002.

Thread Status:
Not open for further replies.
  1. Tinribs

    Tinribs Registered Member

    Mar 14, 2002
    *It seems I have posted this in the wrong forum,if someone could do the honours! :oops: *

    Kaspersky Labs warns computer users of a massive mailing of the
    Trojan-style malicious program, TrojanDownloader.Win32.Apher. Presently
    there have already been several registered reports of infection.

    The Trojan is sent out by an anonymous evildoer using an anonymous
    e-mail address from a public access e-mail service. The messages
    themselves have a spoofed address showing the sender as The infected message has the following attributes:


    Subject: Protect Your NetWare with Kaspersky Anti-Virus
    Attachment: AAprices.exe

    Kaspersky Labs, an international data-security software developer,
    announces the official release of Kaspersky Anti-Virus 4.0. "We are
    pleased to present the latest version of our anti-virus product. The
    unique technology, updated design, and perfected administering system
    integrated into Kaspersky Anti-Virus 4.0 is the result of many years of
    work dedicated to improving the ease of working with the program and
    increasing computer defense reliability," said Natalya Kaspersky,
    Kaspersky Labs CEO. The new Kaspersky Anti-Virus version (Personal Pro,
    Personal, Lite) fully supports the Microsoft Windows XP operating
    system. Amongst this versions latest innovations are: a complete user
    interface upgrade corresponding to Tree Chart technology; perfected
    system installation that allows for the saving the configuration of
    previously installed versions, and a quarantine feature for isolating
    infected and suspicious objects; expanded treatment of infected archived
    files; an added function for the treatment of Microsoft Outlook Express
    and objects upon system start up and also a memory scanning of active
    applications; and simplified operating features for disk recovery.

    Best regards,
    If you have any questions
    please call
    +1(866) 7280-290

    If the attached file is accidentally opened "Apher" automatically
    initiates a connection with a remote web site. From this site a utility
    enabling the control of the virus "Backdoor.Death.25" is loaded on the
    infected machine. In turn, this program permits the evildoer to
    clandestinely manage an infected computer, to view and send out
    confidential information, and create, copy and delete files in addition
    to much more.
  2. Prince_Serendip

    Prince_Serendip Registered Member

    Apr 8, 2002
    ;) Hi Tinribs! Kaspersky should maybe take a look at their recently "fired" list. Looks like someone is out for revenge?

    This might be a job for Mike Lin's Startup Monitor!
  3. FanJ

    FanJ Guest


    Name: Troj/Apher-A
    Type: Trojan
    Date: 22 August 2002

    At the time of writing Sophos has received just one report of
    this Trojan from the wild.

    Note: This IDE includes detection for Troj/Apher-A and

    Troj/Apher-A is a Trojan which will download and install Troj/Death-25-J.

    Troj/Death-25-J is a backdoor Trojan. When run the Trojan will copy itself to C:\windows\system\vbwinsok.exe and set the following registry keys to point to this file:

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run\vbwinsok.exe HKCU\Software\Microsoft\Windows\CurrentVersion\Run\vbwinsok.exe

    More information about Troj/Apher-A can be found at
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.