McAfee > Theat Center > Virus Detail Page

Overview

This is a trojan detection. Unlike viruses, trojans do not self-replicate. They are spread manually, often under the premise that they are beneficial or wanted. The most common installation methods involve system or security exploitation, and unsuspecting users manually executing unknown programs. Distribution channels include email, malicious or hacked web pages, Internet Relay Chat (IRC), peer-to-peer networks, etc.

Characteristics

This threat is detected as JS/Cisp. The script will access a site on www.beech-info.com and attempt to download Readme.txt%00demo.exe. This file is is detected as CoreFlood trojan.

Systems that are running Internet Explorer 6 without any service packs installed are at risk. If you do not have this version of Internet Explorer, the file will not be downloaded and run automatically.

Symptoms

The presence of the files inf214.html and trixxx.htm (Where xxx are random characters generated by the trojan.) in the temporary internet files folder.

Method of Infection

Accessing a site which contains the IFrame link to www.beech-info.com/.../

Removal

All Users:
Use current engine and DAT files for detection. Delete any file which contains this detection.

Variants

Variants

N/A

All Information

Overview -

This is a trojan detection. Unlike viruses, trojans do not self-replicate. They are spread manually, often under the premise that they are beneficial or wanted. The most common installation methods involve system or security exploitation, and unsuspecting users manually executing unknown programs. Distribution channels include email, malicious or hacked web pages, Internet Relay Chat (IRC), peer-to-peer networks, etc.

Characteristics

Characteristics -

This threat is detected as JS/Cisp. The script will access a site on www.beech-info.com and attempt to download Readme.txt%00demo.exe. This file is is detected as CoreFlood trojan.

Systems that are running Internet Explorer 6 without any service packs installed are at risk. If you do not have this version of Internet Explorer, the file will not be downloaded and run automatically.

Symptoms

Symptoms -

The presence of the files inf214.html and trixxx.htm (Where xxx are random characters generated by the trojan.) in the temporary internet files folder.

Method of Infection

Method of Infection -

Accessing a site which contains the IFrame link to www.beech-info.com/.../

Removal -

Removal -

All Users:
Use current engine and DAT files for detection. Delete any file which contains this detection.

Variants

Variants -

N/A