Troj/SpamToo-U is a spamming Trojan for the Windows platform.
When run, Troj/SpamToo-U creates the following files:
<Temp>\Zupastik.exe - detected as Troj/SpamToo-U
<System>\rsvp32_2.dll - detected as Troj/SpamToo-U
<System>\sporder.dll - clean file
<Temp>\wallpapers_030226_rover_brodyaga.jpg - clean image file
Troj/SpamToo-U also attempts to display the file <Temp>\wallpapers_030226_rover_brodyaga.jpg with the default image editor.
Once installed, Troj/SpamToo-U registers <System>\rsvp32_2.dll as a Layered Service Provider (LSP) and sets the following registry entries so that it is loaded whenever a network stream is initialised:
HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\
Troj/SpamToo-U may create entries under:
HKLM\SOFTWARE\WinSock2\Buibert\
Troj/SpamToo-U then attempts to send spam messages via instant messaging client applications including Yahoo! Messenger and also via webmail hosting sites including webmail.tiscali.co.uk, ComcastWebMail, Google Mail and Care2WebMail.
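A triage check for the LSP registration described above, added here as an example and not part of the original description: it reads each entry under Catalog_Entries and flags provider DLLs that are known bad or outside a baseline. It assumes each entry's PackedCatalogItem value begins with the provider DLL path as a NUL-terminated ANSI string; the baseline set, the function names and the sample entries are constructed for illustration.

```python
import ntpath

CATALOG_KEY = (r"SYSTEM\CurrentControlSet\Services\WinSock2\Parameters"
               r"\Protocol_Catalog9\Catalog_Entries")
KNOWN_BAD = {"rsvp32_2.dll"}   # DLL name taken from the description above
BASELINE = {"mswsock.dll"}     # assumption: extend with your own approved providers

def provider_path(packed):
    """Return the DLL path stored at the start of a PackedCatalogItem blob."""
    return packed.split(b"\x00", 1)[0].decode("ascii", errors="replace")

def classify(path):
    name = ntpath.basename(path).lower()
    if name in KNOWN_BAD:
        return "known-bad"
    return "baseline" if name in BASELINE else "review"

def scan(entries):
    """entries: iterable of (subkey name, PackedCatalogItem bytes)."""
    rows = [(key, provider_path(blob)) for key, blob in entries]
    return [(k, p, classify(p)) for k, p in rows if classify(p) != "baseline"]

def read_live_catalog():
    """Read the transport provider catalog from the local registry (Windows only)."""
    import winreg
    out = []
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, CATALOG_KEY) as key:
        for i in range(winreg.QueryInfoKey(key)[0]):
            sub = winreg.EnumKey(key, i)
            with winreg.OpenKey(key, sub) as entry:
                blob, _ = winreg.QueryValueEx(entry, "PackedCatalogItem")
                out.append((sub, blob))
    return out

def _blob(path):
    # Constructed sample: path padded to 260 bytes, then filler for the rest.
    return path.encode("ascii").ljust(260, b"\x00") + b"\x00" * 16

SAMPLE = [  # constructed entries, not captured from a real system
    ("000000000001", _blob(r"%SystemRoot%\system32\mswsock.dll")),
    ("000000000002", _blob(r"C:\WINDOWS\system32\rsvp32_2.dll")),
    ("000000000003", _blob(r"C:\Program Files\Example\filter.dll")),
]

if __name__ == "__main__":
    import sys
    entries = read_live_catalog() if sys.platform == "win32" else SAMPLE
    for subkey, path, verdict in scan(entries):
        print(f"{subkey}  {verdict:9}  {path}")
```

Entries marked "review" are not necessarily malicious; they are providers absent from the baseline and need checking against what is legitimately installed.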