Eng
  1. Skip to navigation
  2. Skip to content
  3. Skip to sidebar


Trojan:W32/Scob


Aliases:


Trojan:W32/Scob
Trojan:W32/Scob
Trojan-Clicker.Win32.VBScobb JS/Scob.A

Malware
Trojan
W32

Summary

A trojan, or trojan horse, is a seemingly legitimate program which secretly performs other, usually malicious, functions. It is usually user-initiated and does not replicate.



Disinfection & Removal

Automatic Disinfection

Allow F-Secure Anti-Virus to disinfect the relevant files.

For more general information on disinfection, please see Removal Instructions.



Technical Details

Trojan-Downloader:W32/Scob was found on a number of web sites on late June 24th, 2004, appending to existing files such as jpeg and gif files. According to reports, the script was not appended by modifying the actual files on the server but by using the footer feature from Microsoft's Internet Information Server.


Activity

When executed, the trojan attempts to use an invisible frame to connect to a page at a remote web site. At the time of writing, the page in the web site is not available. While the page is not currently available, there has been reports that this downloader has been used to install variants of Backdoor:W32/Padodor.

The trojan also sets a cookie on the system, causing that it will attempt to connect the remote site no often than once every week.


Note

Further information about this case is also available from Microsoft:

  • http://www.microsoft.com/security/incident/download_ject.mspx

In addition Microsoft has released a new KB (871277) on the Download.Ject Detection and Recovery Advisory:

  • http://support.microsoft.com/?kbid=871277






Submit a sample




Wondering if a file or URL is malicious? Submit a sample to our Lab for analysis via the Sample Analysis System (SAS)

Give And Get Advice




Give advice. Get advice. Share the knowledge on our free discussion forum.