high
Summary
Summary
Action- More Information
| Protection available since | 11 June 2004 22:20:19 (GMT) |
|---|---|
| Last updated | 14 June 2004 11:54:09 (GMT) |
| Detected by | All Sophos products |
Free virus scan
- Free virus, spyware, and adware scan
- Test your existing anti-virus protection
- Find threats your anti-virus missed
Action
- Summary
- Action
- More Information
Please follow the instructions for removing Trojans.
More Information
Troj/Sober-H emails messages in German to addresses found in files on the hard disk. The Trojan searches for email addresses in files whose names contain the following strings:
pmr stm slk inbox imb csv bak imh xhtml imm imh cms nws vcf ctl dhtm cgi pp ppt msg jsp oft vbs uin ldb abc pst cfg mdw mbx mdx mda adp nab fdb vap dsp ade sln dsw mde frm bas adr cls ini ldif log mdb xml wsh tbb abx abd adb pl rtf mmf doc ods nch xls nsf txt wab eml hlp mht nfo php asp shtml dbx
The Trojan stores email addresses in the Windows system folder in the files llsapwin32.dats and mswn32sock.dats.
Troj/Sober-H does not send mail to any address which contains the following strings:
@www @from. smtp- @smtp. gold-certs ftp. .dial. .ppp. anyone subscribe mantec announce @gmetref sql. someone nothing you@ user@ reciver@ somebody secure msdn. me@ whatever@ whoever@ anywhere yourname mustermann@ .kundenserver. mailer-daemon variabel -dav law2 .sul.t- .qmail@ t-ipconnect t-dialin ipt.aol time freeav @ca. abuse winrar domain. host. viren bitdefender spybot detection icrosoft ewido. emsisoft @foo. winzip @example. bellcore. @arin mozilla @iana @avp @msn @sophos @panda @kaspers free-av antivir virus verizon. @ikarus. @nai. @messagelab nlpmail01. clock
Troj/Sober-H creates the following empty files in the Windows system folder.
Odin-Anon.Ger
bcegfds.lll
cvqaikxt.apk
zhcarxxi.vvx
|
