Threat Description

Trojan: W32/Scob


Category: Malware
Type: Trojan
Platform: W32
Aliases: Trojan:W32/Scob, JS/Scob.A, Trojan-Clicker.Win32.VBScobb


Trojan-Downloader:W32/Scob was found on a number of web sites on late June 24th, 2004, appending to existing files such as jpeg and gif files. According to reports, the script was not appended by modifying the actual files on the server but by using the footer feature from Microsoft's Internet Information Server.


Automatic action

Once detected, the F-Secure security product will automatically disinfect the suspect file by either deleting it or renaming it.

More scanning & removal options

More information on scanning or removal options is available in the documentation for your F-Secure security product on the Downloads section of our Home - Global site.

You may also refer to the Knowledge Base on the F-Secure Community site for more information.

Contact Support

For further assistance, F-Secure customers can request support online via the Request support or the Chat forms on our Home - Global site.

Technical Details

When executed, the trojan attempts to use an invisible frame to connect to a page at a remote web site. At the time of writing, the page in the web site is not available. While the page is not currently available, there has been reports that this downloader has been used to install variants of Backdoor:W32/Padodor.

The trojan also sets a cookie on the system, causing that it will attempt to connect the remote site no often than once every week.


Further information about this case is also available from Microsoft:


In addition Microsoft has released a new KB (871277) on the Download.Ject Detection and Recovery Advisory:



Suspect a file or URL was wrongly detected? Submit a sample to our Labs for analysis

Submit Now

Give And Get Advice

Give advice. Get advice. Share the knowledge on our free discussion forum.

Learn More