Sophos

Troj/Psyme-CA

Aliases
  • Trojan-Downloader.VBS.Psyme.q
  • VBS/Psyme
  • CHM_PSYME.AG
Category
Type
What to do
Prevalence low high

Summary

 
Affected operating systems Windows
Protection available since 29 June 2005 12:57:12 (GMT)
Detected by All Sophos products
Download Free virus scan
Download the Threat Detection Test
  • Free virus, spyware, and adware scan
  • Test your existing anti-virus protection
  • Find threats your anti-virus missed

Action

More Information

Troj/Psyme-CA is an HTML-based script which exploits the XMLHTTP and ADODB Stream vulnerabilities associated with Microsoft Internet Explorer to download and run an executable file. Troj/Psyme-CA is an HTML-based script which exploits the XMLHTTP and ADODB Stream vulnerabilities associated with Microsoft Internet Explorer to download and run an executable file.

On Windows 98 the Trojan will save the downloaded file to C:\qwe.exe, on Windows 2000 the file will be downloaded to C:\Documents and Settings\All Users\Start Menu\Programs\Startup\qwe.exe, and under Windows 95, ME, NT, and XP the file will be downloaded and saved over Windows Media Player if it exists at any of the following locations:

C:\Programmer\Windows Media Player\wmplayer.exe
C:\Program\Windows Media Player\wmplayer.exe
C:\Programme\Windows Media Player\wmplayer.exe
C:\Programmi\Windows Media Player\wmplayer.exe
C:\Programfiler\Windows Media Player\wmplayer.exe
C:\Programas\Windows Media Player\wmplayer.exe
C:\Programa1s\Windows Media Player\wmplayer.exe
C:\Archivos de programa\Windows Media Player\wmplayer.exe
C:\Program Files\Windows Media Player\wmplayer.exe

RSS|Atom
Get reports about the latest virus and spyware threats delivered to your computer