McAfee > Theat Center > Virus Detail Page

Overview

This is a trojan detection. Unlike viruses, trojans do not self-replicate. They are spread manually, often under the premise that they are beneficial or wanted. The most common installation methods involve system or security exploitation, and unsuspecting users manually executing unknown programs. Distribution channels include email, malicious or hacked web pages, Internet Relay Chat (IRC), peer-to-peer networks, etc.

Characteristics

This trojan downloads a list of e-mail addresses and spam content from website wm.maxysearch.info. It then sends out the mails using its own SMTP engine, to the addresses in that list. The 'from' field, subject and body of mail can vary depending upon the spam content.

An example of such a mail can be

From: "iaremirov" <ovywqxocwuz@hotmail.com> To: hisride@yahoo.com Subject: incredible prices for best drugs! Wide r@nge 0f mo$t popular generic$ with low prices: /iagra, Cial1s, Propeci@, Glucophage, /ioxx, Celebrex, Meridia, Zoloft, etcViagra is used for the treatment of male impotency. The active ingredient in Viagra is a specific inhibitor of phosphodiesterase 5. Phosphodiesterase 5 (PDE5) cleaves the ring form of cyclic GMP (cGMP) a cellular second messenger similar to cAMP. The inhibition of the phosphodiesterase allows for the persistence of cGMP which promotes the effects of cGMP production. In this case, it allows for increased blood flow into the penis which may result in an erection.This is the lowest price for Viagra online! At 0ur site you p@y only $1.60 per do$e! including all fees and charges. If you'd like to see prices for other medicines, visit 0ur site! Remove your email <link>   

This trojan does not create any registry or files. It is observed to come bundled with other trojans, which may execute this trojan for spam.

Symptoms

There is no obvious symptom of presence of the trojan as it does not create any registry or file changes. However, the network traffic and CPU utillization increases if the trojan is running.

Method of Infection

Trojans do not self-replicate. They are spread manually, often under the premise that the executable is something beneficial.  Distribution channels include IRC, peer-to-peer networks, newsgroup postings, email, etc

Removal

AVERT recommends to always use latest DATs and engine. This threat will be cleaned if you have this combination.

Additional Windows ME/XP removal considerations

Variants

Variants

N/A

All Information

Overview -

This is a trojan detection. Unlike viruses, trojans do not self-replicate. They are spread manually, often under the premise that they are beneficial or wanted. The most common installation methods involve system or security exploitation, and unsuspecting users manually executing unknown programs. Distribution channels include email, malicious or hacked web pages, Internet Relay Chat (IRC), peer-to-peer networks, etc.

Characteristics

Characteristics -

This trojan downloads a list of e-mail addresses and spam content from website wm.maxysearch.info. It then sends out the mails using its own SMTP engine, to the addresses in that list. The 'from' field, subject and body of mail can vary depending upon the spam content.

An example of such a mail can be

From: "iaremirov" <ovywqxocwuz@hotmail.com> To: hisride@yahoo.com Subject: incredible prices for best drugs! Wide r@nge 0f mo$t popular generic$ with low prices: /iagra, Cial1s, Propeci@, Glucophage, /ioxx, Celebrex, Meridia, Zoloft, etcViagra is used for the treatment of male impotency. The active ingredient in Viagra is a specific inhibitor of phosphodiesterase 5. Phosphodiesterase 5 (PDE5) cleaves the ring form of cyclic GMP (cGMP) a cellular second messenger similar to cAMP. The inhibition of the phosphodiesterase allows for the persistence of cGMP which promotes the effects of cGMP production. In this case, it allows for increased blood flow into the penis which may result in an erection.This is the lowest price for Viagra online! At 0ur site you p@y only $1.60 per do$e! including all fees and charges. If you'd like to see prices for other medicines, visit 0ur site! Remove your email <link>   

This trojan does not create any registry or files. It is observed to come bundled with other trojans, which may execute this trojan for spam.

Symptoms

Symptoms -

There is no obvious symptom of presence of the trojan as it does not create any registry or file changes. However, the network traffic and CPU utillization increases if the trojan is running.

Method of Infection

Method of Infection -

Trojans do not self-replicate. They are spread manually, often under the premise that the executable is something beneficial.  Distribution channels include IRC, peer-to-peer networks, newsgroup postings, email, etc

Removal -

Removal -

AVERT recommends to always use latest DATs and engine. This threat will be cleaned if you have this combination.

Additional Windows ME/XP removal considerations

Variants

Variants -

N/A