Summary

| Affected operating systems | Windows |
|---|---|
| Characteristics | |
| Included in our products from | July 2006 (4.07) |
| Protection available since | 26 May 2006 12:59:53 (GMT) |
| Detected by | All Sophos products |
Action

Please follow the instructions for removing Trojans.
More Information
Troj/Paymite-J is a Trojan for the Windows platform.
In order to run at system startup, Troj/Paymite-J sets the following registry entry:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
SysTray
<pathname of the Trojan executable>
Troj/Paymite-J repeatedly changes settings for Microsoft Internet Explorer, including the Start Page, by modifying the following registry values to point to C:\secure32.html:
HKCU\Software\Microsoft\Internet Explorer\Main\Local Page
HKCU\Software\Microsoft\Internet Explorer\Main\Start Page
HKCU\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\Local Page
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\Default_Page_URL
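A read-only check for the registry indicators listed above, as an added example that is not part of the original description. The function name, the handling of file:// forms of the path and the output layout are assumptions.

```powershell
# Read-only check for the Troj/Paymite-J registry indicators described above.
$HijackPage   = 'C:\secure32.html'
$IeValueNames = 'Local Page', 'Start Page', 'Default_Page_URL'
$IeKeys       = 'HKCU:\Software\Microsoft\Internet Explorer\Main',
                'HKLM:\SOFTWARE\Microsoft\Internet Explorer\Main'
$RunKey       = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'

function Get-RegistryValueData {   # hypothetical helper name
    param([string]$Key, [string]$Name)
    # Returns $null when the key or the value does not exist.
    $item = Get-ItemProperty -LiteralPath $Key -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { return $item.$Name }
}

$findings = @()

foreach ($key in $IeKeys) {
    foreach ($name in $IeValueNames) {
        $data = Get-RegistryValueData -Key $key -Name $name
        if ($null -eq $data) { continue }
        # Assumption: the page may be stored as a plain path or a file:// URL,
        # so forward slashes are normalised before the case-insensitive match.
        if (([string]$data -replace '/', '\') -like "*$HijackPage*") {
            $findings += [pscustomobject]@{
                Indicator = 'IE page redirected to local file'
                Key = $key; Value = $name; Data = $data
            }
        }
    }
}

# The Run value's data is the Trojan's own path, which the description does not
# give, so any SysTray value is reported for manual review, not as a verdict.
$runData = Get-RegistryValueData -Key $RunKey -Name 'SysTray'
if ($null -ne $runData) {
    $findings += [pscustomobject]@{
        Indicator = 'Run value named SysTray (review target path)'
        Key = $RunKey; Value = 'SysTray'; Data = $runData
    }
}

if ($findings.Count -eq 0) {
    Write-Output 'No Troj/Paymite-J registry indicators found.'
} else {
    $findings | Format-List
}
```

The HKCU results cover only the account running the script, so the check needs to be repeated for each user profile on the machine.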
Troj/Paymite-J looks for computers on the local network and sends fake warning messages as if from "SYSTEM" with the following text:
DETECTED SPYWARE! SYSTEM ERROR #384
Your IP address is <receiving computer's IP address>
Your computer is full of evidences!
To protect from the Spyware: www.spyfix.biz
To prevent information transmission: www.spyfix.biz
To delete the history of your activity: www.spyfix.biz
FAILURE TO ACT NOW MAY LEAD TO SYSTEM FAILURE!

The Trojan sends fake warning messages.
