Threat Description

Futs

Details

Aliases: Futs, Trojan.Futs
Category: Malware
Type: Trojan
Platform: W32

Summary



Anti-virus software developer Sophos reports the detection of the latest Trojan, Trojan.Futs, that is designed to integrate with Novell Netware. When executed, the Trojan presents the user with a screen containing various options. These include filling the local hard disk, erasing the CMOS memory, deleting all files on the local hard disk, causing the NetWare server to beep constantly, making various NetWare queries or activating a multi-user chat system.

The Trojan includes a "boss screen" option, which pops up a fake Borland Pascal 7.0 window. Troj.Futs also has an option to drop the BW-770-b* DOS executable file virus. *BW-770-b is a DOS executable file virus that when executed, infects COM and EXE files in the current directory, increasing their length by 770 bytes.

Occasionally the virus displays the message: "Don't be a fool, fuck the school", attempts to format the hard drive, or causes the computer to beep constantly until it is rebooted.

The virus was written with the Biological Warfare virus construction kit.



Removal



Automatic Disinfection

Allow F-Secure Anti-Virus to disinfect the relevant files.

For more general information on disinfection, please see Removal Instructions.








Technical Details: Kaspersky Labs; May 2001


SUBMIT A SAMPLE

Suspect a file or URL was wrongly detected? Submit a sample to our Labs for analysis

Submit Now

Give And Get Advice

Give advice. Get advice. Share the knowledge on our free discussion forum.

Learn More