
Trojan.Win32.Delf.aig - Trojan, which requires payment of a ransom through SMS.

  1. #1
    MAPKOBKA^^ (External Specialist)
    Registered: 21.11.2007
    Location: London
    Posts: 40
    Reputation weight: 72

    The Trojan program is around 170KB in size. Its icon is visually indistinguishable from the WinRAR archive icon. The Trojan is written in Delphi, and is packed.

    It was discovered on the PC of a user who was seeking assistance on the KL forum (http://forum.kaspersky.com/index.php?showtopic=50043)

    If the Trojan is launched, it completes the following operations:

    1. Tries to delete the file WINDOWS\system32\taskmgr.exe - this is the task manager

    2. Creates a copy of itself in the file WINDOWS\system32\explorer32.exe

    3. Registers the copied file in autorun, a non standard autorun key is used (Winlogon\Userinit)

    4. Damages the display of the "Desktop", which results in the desktop and control panel visually disappearing (but nevertheless, the process explorer.exe continues to work)

    5. Launches WINDOWS\system32\explorer32.exe, after which it shuts down the computer.

    After this, a message will appear on screen in Russian, which gives you the option to send an SMS to a premium rate number for the unblocking of the computer, and the option to enter the code sent after payment. The Trojan process cannot be stopped by the user, as the task manager has been deleted.

    Detection and deletion of the Trojan:

    1. The process of the Trojan is not hidden, which is why it is enough to stop the process explorer32.exe and delete the named file, after which you must reboot the computer.

    2. After rebooting the computer, you should check whether the file WINDOWS\system32\taskmgr.exe is present on the disk. If it is missing, then it needs to be restored manually from the backup, or the distributive of the system.


    <<Translation by MAPKOBKA^^ from original by Oleg Zaitsev located here: http://virusinfo.info/showthread.php?t=13187>>
    -Kaspersky Lab Certified Personal Security Professional
    -Kaspersky Lab Forum Moderator
    -Vinfo Virus FAQ Translator
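
The indicators listed in the post above (the explorer32.exe copy in system32, the Winlogon\Userinit autorun entry, the missing taskmgr.exe) can be checked with a short script. This is an added example, not part of the original post or of the translated description; the function names and sample values are constructed, and it assumes a clean Userinit value lists only userinit.exe.

```python
import ntpath

# Indicators named in the description; paths are relative to the Windows
# directory, as the post gives them.
DROPPED_COPY = r"system32\explorer32.exe"
TASK_MANAGER = r"system32\taskmgr.exe"
EXPECTED_USERINIT = "userinit.exe"  # assumption: the only legitimate entry


def userinit_entries(value):
    """Split a Winlogon Userinit value (comma-separated) into programs."""
    return [e.strip().strip('"') for e in value.split(",") if e.strip()]


def assess(userinit_value, existing_files):
    """Return findings for one machine.

    userinit_value -- string read from the Winlogon Userinit registry value
    existing_files -- paths (relative to the Windows directory) that exist
    """
    present = {p.lower() for p in existing_files}
    names = [(e, ntpath.basename(e).lower())
             for e in userinit_entries(userinit_value)]
    findings = ["unexpected Userinit entry: " + entry
                for entry, name in names if name != EXPECTED_USERINIT]
    if not any(name == EXPECTED_USERINIT for _, name in names):
        findings.append("userinit.exe missing from Userinit")
    if DROPPED_COPY in present:
        findings.append("dropped copy present: " + DROPPED_COPY)
    if TASK_MANAGER not in present:
        findings.append("task manager missing: " + TASK_MANAGER)
    return findings


# Constructed sample data, not taken from a real machine.
CLEAN = (r"C:\WINDOWS\system32\userinit.exe,",
         [r"system32\taskmgr.exe", r"system32\userinit.exe"])
INFECTED = (r"C:\WINDOWS\system32\userinit.exe,"
            r"C:\WINDOWS\system32\explorer32.exe",
            [r"system32\explorer32.exe", r"system32\userinit.exe"])

if __name__ == "__main__":
    for label, (value, files) in (("clean", CLEAN), ("infected", INFECTED)):
        print(label, assess(value, files))
```

On a live system the first argument would come from the Userinit value under HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon and the second from a listing of the system32 directory.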

  2. #2
    Sjoeii (External Specialist)
    Registered: 27.11.2007
    Posts: 149
    Reputation weight: 66
    That looks like some smart trojan
    Just a security fanatic
