Troj/Small-AT

Aliases	Trojan.Win32.Small.az
Category	Viruses and Spyware
Type	Trojan
What to do	If you've received an alert for a virus or spyware, then follow the instructions for removing the threat.
Prevalence	low high

Summary

Summary
Action
More Information


Affected operating systems	Windows
Characteristics	Drops more malware
Protection available since	5 September 2004 11:13:05 (GMT)
Last updated	15 September 2004 10:57:52 (GMT)
Detected by	All Sophos products

Free virus scan
Download the Threat Detection Test

Free virus, spyware, and adware scan
Test your existing anti-virus protection
Find threats your anti-virus missed

Action

Summary
Action
More Information

Please follow the instructions for removing Trojans.

More Information

Summary
Action
More Information

Troj/Small-AT attempts to download a file from a remote website.

The Trojan drops and executes an HTML file called mt.html within the Program files folder. The HTML file contains embedded JavaScript which opens a file called mtrslib2.js at a remote URL. The file mtrslib2.js, in turn, exploits the codebase vulnerability to download a file to the victim's computer.

Troj/Small-AT attempts to terminate the processes rpas.exe and wnsapisu.exe and also attempts to delete the the following files in the Windows system folder:

rpas.exe, wnsapisu.exe, kuoreq.dll

The Trojan attempts to delete the following files from the Downloaded Program files folder:

MediaTicketsInstaller.INF
MediaTicketsInstaller.ocx

Get reports about the latest virus and spyware threats delivered to your computer

In this section

Troj/Small-AT

Summary

Action

More Information