Malware type: Trojan
Aliases: Trojan-Downloader.Win32.Femad.dc (Kaspersky), StartPage-DU (McAfee), Adware.CWSIEFeats (Symantec), TR/Crypt.XPACK.Gen (Avira), Mal/EncPk-BI (Sophos)
In the wild: No
Destructive: No
Language: English
Platform: Windows 95, 98, ME, NT, 2000, XP
Encrypted: No
Overall risk rating: Low
Reported infections: Low
Damage potential: Medium
Distribution potential: Low
Description:
Upon execution, this Trojan attempts to delete the file MSN.HTA in the Windows folder of an affected system. This Trojan downloads files from the following Web sites and saves them as MNOJ.EXE in the Temp folder:
* http://bin.wor<BLOCKED>dsx.cc/dia343/m.jpg
* http://82.179.1<BLOCKED>66.67/y.jpg
* http://82.179.1<BLOCKED>66.69/w.php?e=1&dir=dia343&ex=3
This Trojan then executes the saved file MNOJ.EXE. After a 2-minute delay, this Trojan deletes the .EXE file and then terminates.