Threat Description

Trojan:​W32/PFV-Exploit

Details

Aliases: Trojan:​W32/PFV-Exploit, Trojan:​W32/PFV-Exploit
Category: Malware
Type: Trojan
Platform: W32

Summary


Also known as a trojan horse program, this is a deceptive program that performs additional actions without the user's knowledge or permission. It does not replicate.



Removal


Automatic action

Once detected, the F-Secure security product will automatically disinfect the suspect file by either deleting it or renaming it.

More

Detailed instructions for F-Secure security products are available in the documentation found in the Downloads section of our Home - Global site.

You may also refer to the Knowledge Base on the F-Secure Community site for further assistance.



Technical Details


Trojan:W32/PFV-Exploit is a detection for files containing an exploit for a vulnerability in Windows WMF (Windows Metafile) handling. The vulnerability may be exploited either locally or remotely, if an attacker can trick the user into viewing a specially crafted WMF file. Possible attack scenarios are:

  • When user visits malicious web site containing a specially crafted WMF file
  • When user views malicious WMF file (locally or network share)
  • When user opens email containing malicious WMF

A new exploit targeting this vulnerability was found in the wild in December 28th 2005.

More

According to Microsoft, the following versions of Windows are affected by the flaw:

  • Windows 2000 SP4
  • Windows XP SP1
  • Windows XP SP2
  • Windows XP Professional x64
  • Windows Server 2003
  • Windows Server 2003 SP1
  • Windows Server 2003 Itanium
  • Windows Server 2003 Itanium SP1
  • Windows Server 2003 x64
  • Windows 98SE, ME

Please see the following links for more details:






SUBMIT A SAMPLE

Suspect a file or URL was wrongly detected? Submit a sample to our Labs for analysis

Submit Now

Give And Get Advice

Give advice. Get advice. Share the knowledge on our free discussion forum.

Learn More