LNK_PENEPE.D
Windows 2000, Windows XP, Windows Server 2003
Threat Type: Trojan
Destructiveness: No
Encrypted: No
In the wild: Yes
OVERVIEW
This Trojan arrives as a component bundled with malware/grayware packages. It may arrive using one or multiple arrival methods.
This is the Trend Micro detection for files that exhibit certain behaviors.
TECHNICAL DETAILS
538 bytes
LNK
No
08 Feb 2011
Executes a malicious script file
Arrival Details
This Trojan arrives as a component bundled with malware/grayware packages.
It arrives via the following means:
- Dropped along with the following component files:
- C:\Win.Msi\alg.vbs - detected by Trend Micro as VBS_PENEPE.C
- C:\Win.Msi\cssrs.exe - non-malicious file; open source proxy server from 3proxy.ru
- C:\Win.Msi\System.exe - non-malicious file; open source command-line connection utility from PuTTY
Other Details
This is the Trend Micro detection for:
- a shortcut file pointing to C:\Win.Msi\alg.vbs, which is detected by Trend Micro as VBS_PENEPE.C. The said malware copies the this LNK file into the Windows Startup folder as DISKDOCTOR.LNK for its autostart technique. It usually arrives with other component files in a self-extracting archive downloaded unknowingly by a user from links in spam mails.
SOLUTION
8.900
Step 1
For Windows XP and Windows Server 2003 users, before doing any scans, please make sure you disable System Restore to allow full scanning of your computer.
Step 3
Search and delete this folder
- C:\Win.Msi
Step 4
Scan your computer with your Trend Micro product to delete files detected as LNK_PENEPE.D. If the detected files have already been cleaned, deleted, or quarantined by your Trend Micro product, no further step is required. You may opt to simply delete the quarantined files. Please check this Knowledge Base page for more information.
Did this description help? Tell us how we did.