Summary

| Affected operating systems | Windows |
|---|---|
| Protection available since | 20 January 2007 00:38:16 (GMT) |
| Last updated | 23 May 2007 03:32:02 (GMT) |
| Detected by | All Sophos products |
Action

Please follow the instructions for removing Trojans.
The name Troj/Dorf-Fam is used where a file belongs to a particular family of Trojans, but the variant is not separately identified. Sophos's proactive protection technology will identify such files as a -Fam variant.
- Ensure that you are using the most recent IDE files, as more precise detection could now be available. If necessary, update with the latest IDE files and repeat the scan.
- Please send us a sample to assist in improving our technology.
- Use the instructions for removing generically detected files to delete the file from your computer.
- If you require further assistance with disinfection, contact support.
More Information
Troj/Dorf-Fam is a family of backdoor Trojans for the Windows platform.
Members of Troj/Dorf-Fam also have functionality to download and execute files from the internet.
Several members of Troj/Dorf-Fam have been seen aggressively spammed out with politically sensitive subject lines such as:
"British Muslims Genocide"
"Sadam Hussein safe and sound!"
"Hugo Chavez dead."
"Russian missle shot down Chinese satellite"
"Venezuelan leader: "Let's the War beginning"."
"The Supreme Court has been attacked by terrorists. Sen. Mark Dayton dead!"
"Third World War just have started!"
"President of Russia Putin dead."
Other subject lines seen are as follows:
"U.S. Southwest braces for another winter blast. More then 1000 people are dead."
"Love at First Sight"
"Hand in Hand"
"Our love is torn by miles"
Troj/Dorf-Fam attempts to drop the file <System>\wincom32.sys, also detected as Troj/Dorf-Fam. This file is registered as a service with a Display Name of "wincom32", with registry entries set at the following location:
HKLM\SYSTEM\CurrentControlSet\Services\wincom32
Troj/Dorf-Fam then attempts to inject another file into services.exe. This file is also detected as Troj/Dorf-Fam, and may create the clean file <System>\peers.ini, as well as download and execute code from the internet, and provide backdoor functionality to allow access to the computer by a remote user.
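
A host check for the artifacts listed above, as an added example that is not part of the Sophos description or Sophos tooling. The function name `Get-DorfFamIndicator` and its parameters are this example's own; it only reports what is present and does not remove anything.

```powershell
# Added example: reports the Troj/Dorf-Fam artifacts named on this page.
# Get-DorfFamIndicator and its parameters are this example's own names.
# Run from 64-bit PowerShell; a 32-bit process is redirected to SysWOW64.
function Get-DorfFamIndicator {
    [CmdletBinding()]
    param(
        # "<System>" on the page; defaults to this host's system directory.
        [string]$SystemDir = [Environment]::SystemDirectory,
        # Registry location from the page, in PowerShell provider syntax.
        [string]$ServiceKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\wincom32'
    )

    # File artifacts: the dropped wincom32.sys and the clean file peers.ini.
    foreach ($name in 'wincom32.sys', 'peers.ini') {
        $path = Join-Path -Path $SystemDir -ChildPath $name
        $item = Get-Item -LiteralPath $path -Force -ErrorAction SilentlyContinue
        $detail = ''
        if ($item) {
            # The hash lets the file be referenced when a sample is submitted.
            $hash = Get-FileHash -LiteralPath $path -Algorithm SHA256 -ErrorAction SilentlyContinue
            $detail = 'size={0} modified={1:u} sha256={2}' -f $item.Length, $item.LastWriteTimeUtc, $hash.Hash
        }
        [pscustomobject]@{ Type = 'File'; Target = $path; Present = [bool]$item; Detail = $detail }
    }

    # Service registration: does the key exist, and which values does it carry?
    $present = Test-Path -LiteralPath $ServiceKey
    $detail = ''
    if ($present) {
        $svc = Get-ItemProperty -LiteralPath $ServiceKey -ErrorAction SilentlyContinue
        $detail = 'DisplayName={0} ImagePath={1}' -f $svc.DisplayName, $svc.ImagePath
    }
    [pscustomobject]@{ Type = 'Service key'; Target = $ServiceKey; Present = $present; Detail = $detail }
}

$found = @(Get-DorfFamIndicator)
$found | Format-Table -AutoSize -Wrap
if ($found | Where-Object Present) {
    Write-Warning 'Artifacts described for Troj/Dorf-Fam are present; follow the removal steps under Action.'
}
```

Because the page says `peers.ini` is a clean file that only may be created, its absence does not clear a host and its presence alone is not a detection of the Trojan itself.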

