POSSIBLE_SCRDL
Downloader.Trojan (Symantec), Mal/Psyme-A (Sophos), Trojan-Downloader.JS.Agent.di (Kaspersky), SPR/Crypt.DldrScr.2 (Avira), VBS/Psyme (McAfee)
Windows 2000, Windows XP, Windows Server 2003
Threat Type: Trojan
Destructiveness: No
Encrypted:
In the wild: Yes
OVERVIEW
This is the Trend Micro detection for suspicious files that manifest behavior and characteristics similar to those of the following malware:
- HTML_ADODB
- HTML_AGENT
- HTML_DLOADER
- HTML_IESLICE
- HTML_IFRAME
- HTML_PSYME
- HTML_SOHANAD
- JS_ADODB
- JS_AGENT
- JS_DLOADER
- JS_EXPLOIT
- JS_INJECT
- JS_JSSHELL
- JS_PADODOR
- JS_PETCH
- JS_PSYME
- TROJ_DELF
- JS_SMALL
- TROJ_AGENT
- TROJ_DLOADER
- TROJ_PSYME
- VBS_AGENT
- VBS_DELF
- VBS_DLOADER
- VBS_SMALL
- HTML_ADOSTREAM
- JS_GENERIC
- JS_STRAT
- JS_WONKA
- VBS_MUMAWOW
- VBS_PSYME
If your Trend Micro product detects a file under this detection name, do not execute the file. Delete it immediately, especially if it came from an untrusted or unknown source (e.g., a Web site of doubtful nature). However, if you have reason to believe that the detected file is non-malicious, you can submit a sample for analysis. Detailed analysis will be done on submitted samples, and corresponding removal instructions will be provided, if necessary.
SOLUTION
9.300
NOTES:
Submitting Samples
If you have identified suspicious files, you may submit them to us. Sample files for submission must be in ZIP format and should be password-protected. To submit a ZIP file, file compression software such as WinZip must be used. A trial version of WinZip is available here.
To compress a file, please follow the steps below:
- Right-click on the file and select Add to Zip.
- Enter a file name for the zip file.
- On the Options menu, choose Encrypt. In the input box, type virus. This serves as the password for the zip file.
- Send the sample through the following channels:
• For Trend Micro Premium customers, please submit a virus support case by clicking here:
https://psc.trendmicro.com/eservice_enu/start.swe?SWECmd=Start&SWEHo=psc.trendmicro.com
• For Trend Micro non-Premium customers, please contact your local support network by visiting your Trend Micro regional website.
• For non-Trend Micro customers, scan your system with HouseCall, our highly popular and capable on-demand scanner for identifying and removing viruses, Trojans, worms, unwanted browser plug-ins, and other malware.