Other versions: .h
| Detection added |
Oct 31 2006 08:22 GMT |
| Description added |
Nov 01 2006 |
| Behavior |
TrojanDropper |
This Trojan is designed to install other Trojan programs to the victim machine
without the knowledge or consent of the user. It is a Microsoft Word document
contains a macro. The size of the infected Microsoft Word document known to
Kaspersky Lab is 205 825 bytes.
Each time Microsoft Word is launched (AutoExec) and a Microsoft Word format
document is opened (AutoOpen and Document_Open), functions from the main Trojan
module will be launched.
The Trojan deencrypts strings from the function text, and then saves the resulting
file body to the C: root directory to a file called "LS060E5.eXE":
C:\LS060E5.eXE (27 648 bytes)
This file will be detected by Kaspersky Anti-Virus as Trojan-PSW.Win32.LdPinch.bbg.
The file will then be launched for execution.
- Check the C: root directory for a file called “LS060E.eXE”
and delete it:
C:\LS060E5.eXE
- Close all Microsoft Office applications.
- Update your antivirus databases and perform a full scan of the
computer (download a trial version of Kaspersky Anti-Virus).
