Your Order For Spy Doctor .......

Red Devil · 09-01-06, 03:53 PM

is here and $79 has been debited from your account. Click here etc etc.

Yeah right!

This is what the email called spy doctor attempts to install in your system:

The Small.coy trojan downloader belongs to a family of known primitive trojan downloaders that have a download URL encrypted in the end of their files. The URL to this particular trojan downloader (smsender.exe file) was spammed in e-mails to a large number of addresses. When downloaded and run by a recipient the trojan downloader attempts to download and activate a file named installer2.0.26.exe from a website hosted in Canada.

The downloaded file is detected as 'Trojan-PSW.Win32.Agent.fy' and it is technically a trojan dropper. Once activated, it drops a DLL file and registers it as a component of Internet Explorer. This DLL file is the main spying component and it is activated when Internet Explorer is run. The spying component collects and sends out the following data:

Data from webforms that a user fills in including the URLs of the site
POP and SMTP (e-mail) account login names and passwords
HTTP e-mail account login names and passwords
MSN passwords
Outlook account information
Internet Explorer passwords for protected sites
IE autocomplete fields data
Information about an infected computer
Windows cached passwords

The trojan can also create a batch file that deletes system files from the Program Files and System Root (main Windows directory) folders.

Skybird · 09-01-06, 04:36 PM

White letters on light grey background...

TteFAboB · 09-01-06, 05:05 PM

If you highlight the text to read it your computer will be infected, that's what is written. Now excuse me, I have to reformat my hard-drive to get rid of this trojan.

STEED · 09-01-06, 05:56 PM

Quote:

Originally Posted by Skybird

White letters on light grey background...

I know the feeling Skybird.

here we go again, highlight the text just to read it.

kiwi_2005 · 09-01-06, 08:43 PM

Yeah i caught a trogan a week ago from downloading a ultility of that download.com site which is usually safe. My antivirs/spyware didn't detect anything then when i went to install all hell broke loose and my pc's came to a standstill, webbrowsing, opening folders etc., was so slow, i would get on startup a window popping up saying a program is asking you to dial in to google.com???

Reformatted.

bradclark1 · 09-02-06, 11:32 AM

Quote:

Originally Posted by STEED

I know the feeling Skybird.

here we go again, highlight the text just to read it.

Yeah. Life is tough.

Linton · 09-02-06, 12:27 PM

When you get infected apart from reformatting what else can you do?

Gizzmoe · 09-02-06, 12:39 PM

Quote:

Originally Posted by Linton

When you get infected apart from reformatting what else can you do?

You can boot to Safe Mode, then run Adaware, Spybot and an antivirus (update them first with the latest definition file). When you try to disinfect the system and Windows is not in Safe Mode then it´s likely that the infection can´t be removed due to locked files.

09-01-06, 03:53 PM	#1
Red Devil The Old Man Join Date: May 2004 Location: Sutton Coldfield England Posts: 1,540 Downloads: 305 Uploads: 0	Your Order For Spy Doctor ....... is here and $79 has been debited from your account. Click here etc etc. Yeah right! This is what the email called spy doctor attempts to install in your system: The Small.coy trojan downloader belongs to a family of known primitive trojan downloaders that have a download URL encrypted in the end of their files. The URL to this particular trojan downloader (smsender.exe file) was spammed in e-mails to a large number of addresses. When downloaded and run by a recipient the trojan downloader attempts to download and activate a file named installer2.0.26.exe from a website hosted in Canada. The downloaded file is detected as 'Trojan-PSW.Win32.Agent.fy' and it is technically a trojan dropper. Once activated, it drops a DLL file and registers it as a component of Internet Explorer. This DLL file is the main spying component and it is activated when Internet Explorer is run. The spying component collects and sends out the following data: Data from webforms that a user fills in including the URLs of the site POP and SMTP (e-mail) account login names and passwords HTTP e-mail account login names and passwords MSN passwords Outlook account information Internet Explorer passwords for protected sites IE autocomplete fields data Information about an infected computer Windows cached passwords The trojan can also create a batch file that deletes system files from the Program Files and System Root (main Windows directory) folders. __________________ > > Captain!, there's a destroyer on the por........ periscope is flooded Sir! > Darkness is only the absence of Light; Ignorance is only the absence of knowledge © www.worldwartwo.uk www.captainwalker.uk

09-01-06, 04:36 PM	#2
Skybird Soaring Join Date: Sep 2001 Location: the mental asylum named Germany Posts: 42,615 Downloads: 10 Uploads: 0	White letters on light grey background... __________________ If you feel nuts, consult an expert.

09-01-06, 05:05 PM	#3
TteFAboB Admiral Join Date: Oct 2004 Posts: 2,247 Downloads: 4 Uploads: 0	If you highlight the text to read it your computer will be infected, that's what is written. Now excuse me, I have to reformat my hard-drive to get rid of this trojan. __________________ "Tout ce qui est exagéré est insignifiant." ("All that is exaggerated is insignificant.") - Talleyrand

09-01-06, 08:43 PM	#5
kiwi_2005 Eternal Patrol Join Date: May 2004 Location: Aeoteroa Posts: 7,382 Downloads: 223 Uploads: 1	Yeah i caught a trogan a week ago from downloading a ultility of that download.com site which is usually safe. My antivirs/spyware didn't detect anything then when i went to install all hell broke loose and my pc's came to a standstill, webbrowsing, opening folders etc., was so slow, i would get on startup a window popping up saying a program is asking you to dial in to google.com??? Reformatted. __________________ RIP kiwi_2005 Those who can't laugh at themselves leave the job to others.

09-02-06, 12:27 PM	#7
Linton Sea Lord Join Date: Dec 2003 Posts: 1,898 Downloads: 0 Uploads: 0	When you get infected apart from reformatting what else can you do? __________________ http://lintonsview.blogspot.com/