high
Summary
Summary
Action- More Information
| How it spreads |
|
|---|---|
| Affected operating systems | Windows |
| Characteristics |
|
| Included in our products from | June 2007 (4.18) |
| Protection available since | 6 May 2007 12:55:57 (GMT) |
| Detected by | All Sophos products |
Action
- Summary
- Action
- More Information
Please follow the instructions for removing Trojans.
More Information
Troj/DownLd-ABF is an advertising related downloader Trojan for the Windows platform.
Troj/DownLd-ABF infects HTML files stored on the local computer with IFRAME links to advertising related HTML pages.
Troj/DownLd-ABF can arrive as a result of web browsing. Visiting certain web sites may initiate the download process.
Troj/DownLd-ABF infects all HTML files on the computer, appending a SRC= link to a remote JavaScript file. This JavaScript simply uses document.write to append a new IFRAME element to the HTML file, with a SRC= link to a advertising related HTML page.
Troj/DownLd-ABF can arrive as a result of web browsing. Visiting certain web sites may initiate the download process.
When Troj/DownLd-ABF is installed the following files are typically created:
<Windows>\123.txt
<Windows>\1234.txt
<Windows>\edit.txt
<Windows>\ganran.txt
<System>\5640.exe
<System>\705.54755640.exe
<System>\winsock.exe
<Temporary Internet Files>\mh[1].exe
The following registry entry is created to run 5640.exe on startup:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
(Default)
<System>\5640.exe
|
