Threat Description

Futs

Details

Aliases:Futs, Trojan.Futs
Category:Malware
Type:Trojan
Platform:W32

Summary



Anti-virus software developer Sophos reports the detection of the latest Trojan, Trojan.Futs, that is designed to integrate with Novell Netware. When executed, the Trojan presents the user with a screen containing various options. These include filling the local hard disk, erasing the CMOS memory, deleting all files on the local hard disk, causing the NetWare server to beep constantly, making various NetWare queries or activating a multi-user chat system.

The Trojan includes a "boss screen" option, which pops up a fake Borland Pascal 7.0 window. Troj.Futs also has an option to drop the BW-770-b* DOS executable file virus. *BW-770-b is a DOS executable file virus that when executed, infects COM and EXE files in the current directory, increasing their length by 770 bytes.

Occasionally the virus displays the message: "Don't be a fool, fuck the school", attempts to format the hard drive, or causes the computer to beep constantly until it is rebooted.

The virus was written with the Biological Warfare virus construction kit.



Removal


Automatic action

Once detected, the F-Secure security product will automatically disinfect the suspect file by either deleting it or renaming it.

More

You may wish to refer to the Support Community for further assistance. You also may also refer to General Removal Instructions for a general guide on alternative disinfection actions.








Technical Details: Kaspersky Labs; May 2001


SUBMIT A SAMPLE

Suspect a file or URL was wrongly detected? Submit a sample to our Labs for analysis

Submit Now

Give And Get Advice

Give advice. Get advice. Share the knowledge on our free discussion forum.

Learn More