Since September 5th, there has been information in the media about a trojan called Donald Duck, which is said to spread with a variant of the Love Letter worm. F-Secure is not aware of such a variant of Love Letter. Instead, there has been a hacker attack against an ISP in the Philippines, where the hackers were spreading two known trojans called "donald.exe" and "erap.exe" as e-mail attachments. These files are detected by F-Secure Anti-Virus as SubSeven.backdoor.v213 and Trojan.PSW.Barok.c.
Depending on the settings of your F-Secure security product, it will either automatically delete, quarantine or rename the suspect file, or ask you for a desired action.
More scanning & removal options
More information on the scanning and removal options available in your F-Secure product can be found in the Help Center.
You may also refer to the Knowledge Base on the F-Secure Community site for more information.
According to reports, the messages that were circulating among the users of the ISP had the following subjects:
"DHL PROMO FREE!!! (fwd)"
Descriptions of the SubSeven and Barok trojans can be found on our virus information pages:
A description of the LoveLetter worm can be found at:
Technical Details: F-Secure Corporation September 6, 2000