|
Trojan.Win32.FireAnvi Viruses Information
| Name: |
Trojan.Win32.FireAnvi |
| Category: |
Viruses |
| Description:
|
Details
Trojan.Win32.FireAnvil
This is a trojan program that is built into the "Firehand Ember Millenium" commercial software (produced by the Firehand Technologies Corporation, http://www.firehand.com).
The trojan was found in version "5.2.3.0" of this software, in beginning of September 2002. The trojan was found in original "Firehand Ember" package, and it was available for download at Firehand Web site: http://www.firehand.com/Ember/index.html.
Next week after the trojan was found, the trojan package was removed from download area and replaced with another "5.2.3.0" version where trojan components were removed.
The trojan components were found in two files in this package:
Ember32.exe - the main executable file
fireutil.dll - program's library
On activating the trojan displays the message:
CrAcKiNg SoFtWaRe! PlEaSe WaIt!
Then it looks for all files on the drive where Windows is installed, and overwrites files with the text:
CzY CrAcKiNg CrUe! We CrACk EvErYtHiNg!
The trojan is activated on entering registation data:
Registered User ID: [_________]
Registration Key: [_________]
in case the "Registered User ID" field contains the "czy czy" string (any cased). |
Top Viruses Visited Pages:
Invader. - 239 visits
not-a-virus:RiskWare.Tool.RegPatch. - 72 visits
Worm.P2P.Harex. - 66 visits
not-a-virus:RemoteAdmin.Win32.RAdmin.2 - 60 visits
Small.58. - 56 visits
Coito.64 - 54 visits
I-Worm.Mapson. - 48 visits
Win16.Klon.1177 - 42 visits
Win32.Hidra - 42 visits
Marine.500 - 35 visits
Random Viruses Pages:
Squatter.731
Peterburg.52
YanShort.162
Burglar famil
Made Famil
Jolter.219
I-Worm.Davini
I-Worm.Peac
Light.101
Getto.200
|
