TROJ_CHEPVIL.RAR - Description and solution

TrendLabs Malware Blog

Glossary

TrendWatch

TrendLabs Twitter

TROJ_CHEPVIL.RAR

Overview

Solution

Technical Details

Malware type: Trojan

Aliases: No Alias Found

In the wild: Yes

Destructive: No

Language: English

Platform: Windows 98, ME, NT, 2000, XP, Server 2003

Encrypted: No

Overall risk rating:

Reported infections:
Damage potential:		Low
Distribution potential:		Low

Description:

To get a one-glance comprehensive view of the behavior of this malware, refer to the Behavior Diagram shown below.

TROJ_CHEPVIL.RAR Behavior Diagram

Malware Overview

This is Trend Micro detection for the compressed RAR attachment received through a certain spam email. A screenshot of the said email is given below:

${TROJ_CHEPVIL.C email}$

The said email provides a password which is used to extract the attachment's .EXE content, which Trend Micro detects as TROJ_CHEPVIL.C. The attachment is compressed in RAR format.

As a result, once a user extracts and executes the contents of the compressed attachment, routines of the extracted Trojan are also exhibited on the affected system.

For additional information about this threat, see:
Solution
Technical Details

Description created: Aug. 5, 2008 11:39:02 AM GMT -0800

Search a new malware

Tell us how we did. Take our quick survey.