high
Summary
Summary
Action- More Information
| Affected operating systems | Windows |
|---|---|
| Characteristics |
|
| Protection available since | 28 May 2009 11:21:15 (GMT) |
| Detected by | All Sophos products |
Free virus scan
- Free virus, spyware, and adware scan
- Test your existing anti-virus protection
- Find threats your anti-virus missed
Action
- Summary
- Action
- More Information
Please follow the instructions for removing Trojans.
More Information
Troj/Samson-A is a Trojan for the Windows platform.
When the Trojan runs, it creates the file <Windows>\winamp.dll.exe.
The Trojan will copy itself onto any mp3's found on the victim's computer (with the same name as the mp3 file and an appended ".exe" at the end), thus destroying all mp3 files on the system.
The Trojan also proceeds to turn off Winamp.
The following registry entry is created to run winamp.dll.exe on startup:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
ServiceOptionMP3
<Windows>\winamp.dll.exe
The following registry entry is set, disabling the registry editor (regedit):
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System
DisableRegistryTools
1
Registry entries are set as follows:
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System
DisableRegedit
1
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
NoFolderOptions
1
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
LegalNoticeCaption
STOP PIRACY!!!!
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
LegalNoticeText
Stop pembajakan Musisi Dalam Negeri, Jangan Gunakan MP3 lagi (sok sok an) huahahahahaha!!!
|
