Home > Threat descriptions >



Category: Malware

Type: Trojan

Aliases: Trojan:W32/Scob, JS/Scob.A, Trojan-Clicker.Win32.VBScobb


When executed, the trojan attempts to use an invisible frame to connect to a page at a remote web site.


Automatic action

Based on the settings of your F-Secure security product, it will either automatically delete, quarantine or rename the detected program or file, or ask you for a desired action.

Knowledge Base

Find the latest advice in our Community Knowledge Base.

About the product

See the manual for your F-Secure product on the Help Center.

Contact Support

Chat with or call an expert for help.

Submit a sample

Submit a file or URL for further analysis.

Technical Details

Trojan-Downloader:W32/Scob was found on a number of web sites on late June 24th, 2004, appending to existing files such as jpeg and gif files. According to reports, the script was not appended by modifying the actual files on the server but by using the footer feature from Microsoft's Internet Information Server.


At the time of writing, the page in the web site is not available. While the page is not currently available, there has been reports that this downloader has been used to install variants of Backdoor:W32/Padodor.

The trojan also sets a cookie on the system, causing that it will attempt to connect the remote site no often than once every week.


Further information about this case is also available from Microsoft:

  • https://www.microsoft.com/security/incident/download_ject.mspx

In addition Microsoft has released a new KB (871277) on the Download.Ject Detection and Recovery Advisory:

  • https://support.microsoft.com/?kbid=871277