Trojan.AOL.Cool is a trojan that affects AOL client software and steals information from AOL users. Also according to reports it can spread itself to other AOL users (we can't confirm that so far).
Disinfection requires all 3 trojan files to be deleted. As one of these files is locked when Windows is active, it should be deleted from DOS. The WIN.INI file should be modified to remove the trojan's execution string after 'RUN=' tag. Read-only attribute has to be removed from the file before modification.
Find the latest advice in our Community Knowledge Base.
See the manual for your F-Secure product on the Help Center.
Submit a file or URL for further analysis.
The trojan usually arrives in email message with a subject 'Hey You' and MINE.EXE file attached. When that attachment is run, the trojan installs itself 3 times (all its files have hidden attributes):
c:\msdos98.exe \Windows\uninstallms.exe \Windows\System\mine.exe
The trojan modifies 'RUN=' tag in WIN.INI file to run one of its copies each time Windows starts. The trojan adds a lot of spaces to its execution string in WIN.INI to hide its name from being viewed in a text viewer/editor when text lines are not wrapped. Also the trojan sets readonly attribute to WIN.INI file.
[Alexey Podrezov, F-Secure Corp.; January 2001]