Sophos

Troj/Maran-AB


Summary

 
Affected operating systems: Windows
Characteristics:
  • Installs itself in the registry
Included in our products from: June 2007 (4.18)
Protection available since: 15 April 2007 07:48:19 (GMT)
Detected by: All Sophos products

More Information

Troj/Maran-AB is a password stealing Trojan for the Windows platform.

When Troj/Maran-AB is installed the following files are created:

<Windows>\svchost.exe
<System>\delmeml.bat
<System>\tj6viewer.dll

The file tj6viewer.dll is detected as Troj/Maran-Gen.

The file <Windows>\svchost.exe is registered as a new system driver service named "ADIDown", with a display name of "Power Adapter" and a startup type of automatic, so that it is started automatically during system startup. Registry entries are created under:

HKLM\SYSTEM\CurrentControlSet\Services\ADIDown
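
A host check for the indicators listed above, added here as an example and not part of the Sophos description. It assumes <Windows> maps to %windir% and <System> to %windir%\System32; the variable names are illustrative. It also goes slightly beyond the named service by flagging any service whose image is svchost.exe directly under the Windows directory, since the genuine svchost.exe lives in System32.

```powershell
# Added example: look for the Troj/Maran-AB artefacts named on this page.
# Assumption: <Windows> = $env:windir, <System> = $env:windir\System32.
$windowsDir = $env:windir
$systemDir  = Join-Path $windowsDir 'System32'
$findings   = @()

# 1. Files the page says are created on installation.
$paths = @(
    (Join-Path $windowsDir 'svchost.exe'),
    (Join-Path $systemDir  'delmeml.bat'),
    (Join-Path $systemDir  'tj6viewer.dll')
)
foreach ($p in $paths) {
    if (Test-Path -LiteralPath $p -PathType Leaf) {
        $findings += [pscustomobject]@{ Indicator = 'File'; Detail = $p }
    }
}

# 2. The service key the page names, with the values worth reviewing.
#    Start = 2 is the "automatic" startup type.
$svcKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\ADIDown'
if (Test-Path -LiteralPath $svcKey) {
    $svc = Get-ItemProperty -LiteralPath $svcKey
    $findings += [pscustomobject]@{
        Indicator = 'Service key'
        Detail    = "DisplayName='$($svc.DisplayName)' ImagePath='$($svc.ImagePath)' Start=$($svc.Start)"
    }
}

# 3. Generalisation: any service whose image is <Windows>\svchost.exe.
#    ImagePath may be quoted, carry arguments, or use \??\ or \SystemRoot\ prefixes.
$target = (Join-Path $windowsDir 'svchost.exe').ToLower()
Get-ChildItem 'HKLM:\SYSTEM\CurrentControlSet\Services' | ForEach-Object {
    $img = (Get-ItemProperty -LiteralPath $_.PSPath -Name ImagePath -ErrorAction SilentlyContinue).ImagePath
    if (-not $img) { return }
    $norm = [Environment]::ExpandEnvironmentVariables($img).Trim('"').ToLower()
    $norm = $norm -replace '^\\\?\?\\', ''
    $norm = $norm -replace '^\\systemroot\\', ($windowsDir.ToLower() + '\')
    if ($norm.StartsWith($target)) {
        $findings += [pscustomobject]@{ Indicator = 'Service image'; Detail = "$($_.PSChildName): $img" }
    }
}

if ($findings) { $findings | Format-Table -AutoSize -Wrap }
else { 'No Troj/Maran-AB indicators from this page were found.' }
```

A clean result only means these specific artefacts are absent; it does not replace a scan with an up-to-date anti-virus product.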

Sophos's anti-virus products include Genotype® detection technology, which can proactively protect against new threats without requiring an update. Sophos customers have been protected against Troj/Maran-AB (detected as Troj/Maran-Gen) since version 4.14.

Sophos's anti-virus products include Behavioral Genotype™ Protection, which can proactively guard against new threats without requiring an update. Sophos customers have been protected against Troj/Maran-AB (detected as Mal/Packer) since version 4.10.
