Trojan.AOL.Buddy. Viruses Information
Name: Trojan.AOL.Buddy.
Category: Viruses
Description:
Details
Trojan.AOL.Buddy.a
This text was written by Alexey Podrezov, Data Fellows Ltd.
"Trojan.Aol.Buddy" (also known as the "PennyTools Trojan") is an AOL password-stealing Trojan. Two versions are currently known (as of May 1999). The Trojan installs itself on the system in a tricky way: it uses 5 different methods at the same time to make disinfection more difficult:
1. Through the Registry, by modifying the RUN key to launch the hidden file C:\COMMAND.EXE, which is the Trojan's body.
2. Through SYSTEM.INI, by adding a screen saver reference to C:\Windows\System\WINSAVER.EXE; the system will become infected when the screen saver starts.
3. Through WIN.INI, by adding the execution of the hidden file C:\America Online 4.0\BUDDYLIST.EXE to the LOAD= string, with more than 80 spaces in front of the line to hide it.
4. Again through WIN.INI, by adding the execution of the hidden file C:\Windows\System\NortonAntiVir\REGISTRYREMINDER.EXE to the RUN= string.
5. Through the Windows start-up directory, by placing an AIM REMINDER.EXE file in the Windows\Start Menu\Programs\Startup folder.
A file named VCLCNTL.DLL is also created in the Windows\System folder, but it contains some text data for the Trojan, not DLL code. When Windows is started, the Trojan is started as well (through one of the methods 1-5) and remains active during all Windows sessions. It sends a user's AOL login and password as an e-mail to or addresses (depending on the Trojan version).
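The WIN.INI and SYSTEM.INI start-up entries described above can be audited from the text of the two files. The following is an added example, not part of the original description: it lists non-empty LOAD=, RUN= and screen saver entries and flags values hidden behind more than 80 spaces. The function name, the sample file contents and the SCRNSAVE.EXE key name are assumptions.

```python
import re

# (section, key) pairs that start a program on Windows 9x. The page names LOAD=
# and RUN= in WIN.INI; SCRNSAVE.EXE under [boot] is the standard SYSTEM.INI
# screen saver key and is an assumption about what "screen saver reference" means.
AUTOSTART = {
    "win.ini": {("windows", "load"), ("windows", "run")},
    "system.ini": {("boot", "scrnsave.exe")},
}
PAD_THRESHOLD = 80  # the description says "more than 80 spaces"
ENTRY = re.compile(r"^([ \t]*)([^=;\[\s][^=]*?)[ \t]*=([ \t]*)(.*?)[ \t]*$")

def audit_ini(name, text):
    """List non-empty autostart entries, flagging values pushed out of view."""
    wanted, section, findings = AUTOSTART[name.lower()], "", []
    for lineno, raw in enumerate(text.splitlines(), 1):
        stripped = raw.strip()
        if stripped.startswith("[") and stripped.endswith("]"):
            section = stripped[1:-1].strip().lower()
            continue
        m = ENTRY.match(raw)
        if not m:
            continue
        lead, key, pad, value = m.groups()
        if (section, key.lower()) not in wanted or not value:
            continue
        padding = max(len(lead), len(pad))  # spaces before the key or before the value
        findings.append({"file": name, "line": lineno, "key": key.lower(),
                         "value": value, "padding": padding,
                         "hidden": padding > PAD_THRESHOLD})
    return findings

# Constructed sample files (not taken from an infected system).
SAMPLE_WIN_INI = (
    "[windows]\r\n"
    "load=" + " " * 90 + r"C:\Example\HIDDEN.EXE" + "\r\n"
    r"run=C:\Example\OTHER.EXE" + "\r\n"
    "NullPort=None\r\n"
    "[Desktop]\r\n"
    "run=ignored outside [windows]\r\n"
)
SAMPLE_SYSTEM_INI = "[boot]\r\nshell=Explorer.exe\r\nSCRNSAVE.EXE=C:\\Example\\SAVER.EXE\r\n"

if __name__ == "__main__":
    for fname, body in (("WIN.INI", SAMPLE_WIN_INI), ("SYSTEM.INI", SAMPLE_SYSTEM_INI)):
        for finding in audit_ini(fname, body):
            print(finding)
```

Every entry the script reports still has to be compared against what is legitimately installed; the padding flag only marks values that would not be visible in an editor window without scrolling.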