Summary

| Detected by | All Sophos products |
|---|---|
Action

Please follow the instructions for removing Trojans.
More Information
Troj/FldMedia-A installs several programs typically used by backdoor Trojans, including a Denial-of-Service flooder.
When run, Troj/FldMedia-A drops the following files:
%WINDOWS%\Application name Uninstaller.exe
%WINDOWS%\HELP\Tours\WindowsMediaPlayer\Video\codec.wmv
%WINDOWS%\HELP\Tours\WindowsMediaPlayer\Video\media.exe
%WINDOWS%\HELP\Tours\WindowsMediaPlayer\Video\sipal.exe
%WINDOWS%\HELP\Tours\WindowsMediaPlayer\Video\sptr.exe
%WINDOWS%\HELP\Tours\WindowsMediaPlayer\Video\teaw.exe
%WINDOWS%\HELP\Tours\WindowsMediaPlayer\Video\wins.ini
%WINDOWS%\HELP\Tours\WindowsMediaPlayer\Video\x-vid.exe
%WINDOWS%\Start Menu\Programs\Application name\Uninstall Application name.lnk
Troj/FldMedia-A creates the following registry entry so that media.exe is run automatically each time Windows is started:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Media Player
= %WINDOWS%\Help\Tours\WindowsMediaPlayer\Video\media.exe
All files dropped to the new %WINDOWS%\HELP\Tours\WindowsMediaPlayer\Video\ folder have the Hidden and System attributes set.
Sptr.exe is the Denial-of-Service flooder Trojan Troj/Synflood-B.
None of the other dropped files are malware.
Media.exe is a clean mIRC client. Media.exe is installed as the default mIRC client (setting various registry entries), overriding any previous mIRC installation.
Sipal.exe is a clean command-line utility PrcView v 3.6.2.1, by Igor Nys.
X-vid.exe is a clean utility program that can be used to hide or reveal application windows.
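
Because most of the dropped files are clean tools that a scanner may not flag on their own, a path-based check is useful. The following read-only PowerShell check is an added example, not part of the Sophos analysis: it looks for the dropped files in the Video folder, reports whether the Hidden and System attributes are set, and checks the Run value. The WOW6432Node key is an assumption not mentioned above, and the two "Application name" paths are skipped because the name is generic.

```powershell
# Added example: read-only check for the Troj/FldMedia-A indicators described above.
$dropDir = Join-Path $env:windir 'Help\Tours\WindowsMediaPlayer\Video'
$dropped = 'codec.wmv','media.exe','sipal.exe','sptr.exe','teaw.exe','wins.ini','x-vid.exe'
$runName = 'Media Player'
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    # Assumption (not on the page): 32-bit registry view on 64-bit Windows.
    'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run'
)
[int]$mask = [IO.FileAttributes]::Hidden -bor [IO.FileAttributes]::System
$findings = @()

# Dropped files: -Force is needed because Hidden+System files are skipped by default.
if (Test-Path -LiteralPath $dropDir) {
    Get-ChildItem -LiteralPath $dropDir -Force |
        Where-Object { -not $_.PSIsContainer -and $dropped -contains $_.Name } |
        ForEach-Object {
            $findings += [pscustomobject]@{
                Type      = 'File'
                Indicator = $_.FullName
                Detail    = if (([int]$_.Attributes -band $mask) -eq $mask) { 'Hidden+System set' } else { 'attributes differ' }
            }
        }
}

# Autostart value: report it only when it points at media.exe in the drop folder.
foreach ($key in $runKeys) {
    $run = Get-ItemProperty -LiteralPath $key -Name $runName -ErrorAction SilentlyContinue
    if ($run -and $run.$runName -like '*\Help\Tours\WindowsMediaPlayer\Video\media.exe*') {
        $findings += [pscustomobject]@{
            Type      = 'Run value'
            Indicator = "$key\$runName"
            Detail    = $run.$runName
        }
    }
}

if ($findings.Count -gt 0) {
    $findings | Format-Table -AutoSize -Wrap
} else {
    'No Troj/FldMedia-A indicators found.'
}
```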
