W32/Frethem-P

Category: Viruses and Spyware Protection available since:25 Jul 2002 00:00:00 (GMT)
Type: Win32 worm Last Updated:25 Jul 2002 00:00:00 (GMT)
Prevalence: Small Number of Reports

Download Download our free Virus Removal Tool - Find and remove threats your antivirus missed

W32/Frethem-P is a member of the Frethem family but does not contain the email properties common amongst most of the family's variants.

W32/Frethem-P sends HTTP requests to a CGI script located at various remote locations. But at the time of writing those CGI scripts are no longer available hence this does not pose a threat.

W32/Frethem-P is intended to interpret the contents of the requested files as instructions which would likely be used to give the worm certain backdoor features.

W32/Frethem-P will not carry out any actions if the values "0843" and "0419" are found in the following registry entrys :

HKCU\Keyboard layout\preload\1
HKCU\Keyboard layout\preload\2
HKCU\Keyboard layout\preload\3

download Try Sophos products for free
Download now

© 1997 - 2012 Sophos Ltd. All rights reserved. Legal Privacy