Troj/CHMDrop-B

Category	Viruses and Spyware
Type	Trojan
What to do	If you've received an alert for a virus or spyware, then follow the instructions for removing the threat.
Prevalence	low high

Summary

Summary
Action
More Information


Affected operating systems	Windows
Protection available since	6 March 2008 01:22:10 (GMT)
Detected by	All Sophos products

Free virus scan
Download the Threat Detection Test

Free virus, spyware, and adware scan
Test your existing anti-virus protection
Find threats your anti-virus missed

Action

Summary
Action
More Information

Please follow the instructions for removing Trojans.

More Information

Summary
Action
More Information

Troj/CHMDrop-B is a Trojan for the Windows platform.

Top-level component of Troj/CHMDrop-B is a compiled HTML help file containing an article called "Photos of Tibet in the early 1940's".

When Troj/CHMDrop-B is run, it drops a file called music.exe - also detected as Troj/CHMDrop-B.

The file music.exe drops two further files and deletes itself:

- <WINDOWS>\system\conime.exe -detected as Troj/CHMDrop-B
- <WINDOWS>\system\zipfldr.dll - proactively detected as Mal/Emogen-AA

Troj/CHMDrop-B will attempt to download two files:

- photos-downloaded1.exe - detected as Troj/CHMDrop-B
- photos-downloaded2.exe - detected as Mal/Emogen-Y

Get reports about the latest virus and spyware threats delivered to your computer

In this section

Sophos blogs

Troj/CHMDrop-B

Summary

Action

More Information