McAfee > Theat Center > Virus Detail Page

Overview

This is a trojan detection. Unlike viruses, trojans do not self-replicate. They are spread manually, often under the premise that they are beneficial or wanted. The most common installation methods involve system or security exploitation, and unsuspecting users manually executing unknown programs. Distribution channels include email, malicious or hacked web pages, Internet Relay Chat (IRC), peer-to-peer networks, etc.

Characteristics

InSchool is a Trojan Horse whose host program is a self-extracting WinZip file that extracts files to the C: drive in the root directory and its Windows sub directory.

The existing files it effects are AUTOEXEC.BAT and MSDOS.SYS on the root directory and WIN.INI , SYSTEM.INI and CONTROL.INI in the Windows directory. It also leaves two files, INSCHOOL.EXE and BLA NITAR.BMP in the Windows directory.

The effects of the trojan are ;

• AUTOEXEC.BAT is set by the trojan to display the message 'Allow games in School!'
• MSDOS.SYS is over-written to set the Boot Delay to 15 seconds.
• WIN.INI is set to run INSCHOOL.EXE at the start-up. INSCHOOL.EXE in turn displays the picture in BLA NITAR.BMP.
• SYSTEM.INI and CONTROL.INI are over-written so that the screen saver is set to 3D Text Open GL reading 'Ringa suger Hast'

It is not possible to clean InSchool entirely, as MSDOS.SYS will have been over-written and the original file lost entirely. In order to regain these over-written files it will be necessary to restore them from a backup. In order to clean the remaining traces of this virus, delete INSCHOOL.EXE and BLA NITAR.BMP from the Windows directory on the C: drive.

Symptoms

Method of Infection

Removal

-

Variants

Variants

N/A

All Information

Overview -

This is a trojan detection. Unlike viruses, trojans do not self-replicate. They are spread manually, often under the premise that they are beneficial or wanted. The most common installation methods involve system or security exploitation, and unsuspecting users manually executing unknown programs. Distribution channels include email, malicious or hacked web pages, Internet Relay Chat (IRC), peer-to-peer networks, etc.

Characteristics

Characteristics -

InSchool is a Trojan Horse whose host program is a self-extracting WinZip file that extracts files to the C: drive in the root directory and its Windows sub directory.

The existing files it effects are AUTOEXEC.BAT and MSDOS.SYS on the root directory and WIN.INI , SYSTEM.INI and CONTROL.INI in the Windows directory. It also leaves two files, INSCHOOL.EXE and BLA NITAR.BMP in the Windows directory.

The effects of the trojan are ;

• AUTOEXEC.BAT is set by the trojan to display the message 'Allow games in School!'
• MSDOS.SYS is over-written to set the Boot Delay to 15 seconds.
• WIN.INI is set to run INSCHOOL.EXE at the start-up. INSCHOOL.EXE in turn displays the picture in BLA NITAR.BMP.
• SYSTEM.INI and CONTROL.INI are over-written so that the screen saver is set to 3D Text Open GL reading 'Ringa suger Hast'

It is not possible to clean InSchool entirely, as MSDOS.SYS will have been over-written and the original file lost entirely. In order to regain these over-written files it will be necessary to restore them from a backup. In order to clean the remaining traces of this virus, delete INSCHOOL.EXE and BLA NITAR.BMP from the Windows directory on the C: drive.

Symptoms

Symptoms -

Method of Infection

Method of Infection -

Removal -

Removal -

-

Variants

Variants -

N/A