|
Description:
This memory-resident Trojan may be downloaded from the Internet, dropped by another malware, or manually installed by a user.
It adds several registry entries to enable its automatic execution at Windows startup. This autostart technique fails, however, since the said registry entries point to a non-existent file.
This Trojan displays a series of images when the Internet Explorer browser title bar contains any of the following text strings:
- Exhibitionism
- jeggar
- Penis
- Phallic
- Phallus
- Priapus
- sex
- teen
Based on the cited text strings, it appears that this Trojan aims to disrupt browsing activities related to adult or mature materials. This interference may cause annoyance to some users. The proceeding text further illustrates this Trojan's routine.
If the said strings are found, this Trojan minimizes the Internet Explorer (IE) window and displays the following image:
After a few seconds or if the Next button is clicked, this Trojan proceeds to display the following image in the center of the screen:
The said image disappears after a few seconds.
If the minimized window is restored, or another window containing the aforementioned strings is opened, this Trojan again displays two images in succession.
If another IE window containing the said strings is opened and the second cited image has been displayed six (6) times, the following image is shown together with the current time:
If the mouse cursor is moved within the shown gray area, the following image appears and "traps" the mouse cursor:
Clicking any of the buttons shown in the screen logs off the user from Windows.
Additionally if Registry Editor is opened, it is minimized by this Trojan.
For additional information about this threat, see:
Solution
Technical Details
Description created: Sep. 6, 2005 3:06:06 AM GMT -0800
Search a new malware
Tell us how we did. Take our quick survey.
|
Save & Share
