McAfee > Theat Center > Virus Detail Page

Overview

This is a trojan detection. Unlike viruses, trojans do not self-replicate. They are spread manually, often under the premise that they are beneficial or wanted. The most common installation methods involve system or security exploitation, and unsuspecting users manually executing unknown programs. Distribution channels include email, malicious or hacked web pages, Internet Relay Chat (IRC), peer-to-peer networks, etc.

Characteristics

This trojan exploits an old IIS buffer overflow vulnerability that allows for the execution of arbitrary code on an unprotected IIS4 web server. For more information on this vulnerability see Microsoft Security Bulletin (MS99-019)

Symptoms

The are no obvious signs of infection.

Method of Infection

This trojan is used by an attacker to exploit a remote system. It has been seen in combination with other trojans, allowing a remote attacker to control the trojan.

Removal

All Users:
Use current engine and DAT files for detection. Delete any file which contains this detection.

Additional Windows ME/XP removal considerations

Variants

Variants

N/A

All Information

Overview -

This is a trojan detection. Unlike viruses, trojans do not self-replicate. They are spread manually, often under the premise that they are beneficial or wanted. The most common installation methods involve system or security exploitation, and unsuspecting users manually executing unknown programs. Distribution channels include email, malicious or hacked web pages, Internet Relay Chat (IRC), peer-to-peer networks, etc.

Characteristics

Characteristics -

This trojan exploits an old IIS buffer overflow vulnerability that allows for the execution of arbitrary code on an unprotected IIS4 web server. For more information on this vulnerability see Microsoft Security Bulletin (MS99-019)

Symptoms

Symptoms -

The are no obvious signs of infection.

Method of Infection

Method of Infection -

This trojan is used by an attacker to exploit a remote system. It has been seen in combination with other trojans, allowing a remote attacker to control the trojan.

Removal -

Removal -

All Users:
Use current engine and DAT files for detection. Delete any file which contains this detection.

Additional Windows ME/XP removal considerations

Variants

Variants -

N/A