
Downloader-AVK

Type: Trojan
SubType: Downloader
Discovery Date: 03/24/2006
Length: 28,672 bytes
Minimum DAT: 4727 (03/27/2006)
Updated DAT: 4727 (03/27/2006)
Minimum Engine: 5.1.00
Description Added: 03/24/2006
Description Modified: 03/24/2006 11:08 PM (PT)
Risk Assessment:
    Corporate User: Low
    Home User: Low


Characteristics

This trojan was discovered in connection with the Exploit-CreateTxtRng trojan. A hacked webserver (www.golfingv [blocked] .com) contains an exploit script, which results in a file named ca.exe being downloaded from another hacked webserver (fullfatsk [blocked] .com).

ca.exe is Downloader-AVK. This trojan simply attempts to download and execute another trojan, calc.exe, from the same compromised webserver.

calc.exe is a new password-stealing trojan, PWS-PartyPooper.

Symptoms

This trojan does not copy itself to any additional locations on an infected system, nor does it configure itself to run at system startup.

Method of Infection

This trojan may be installed by exploiting a Microsoft Internet Explorer vulnerability; see Exploit-CreateTxtRng.

Removal

Detection is included in our BETA DAT files and will also be included in the next scheduled DAT release. In addition to the DAT version requirements for detection, the specified engine version (or greater) must also be used.

Additional Windows ME/XP removal considerations

Variants

    N/A

Overview

This is a trojan detection. Unlike viruses, trojans do not self-replicate. They are spread manually, often under the premise that they are beneficial or wanted. The most common installation methods involve system or security exploitation, and unsuspecting users manually executing unknown programs. Distribution channels include email, malicious or hacked web pages, Internet Relay Chat (IRC), peer-to-peer networks, etc.
