Symptoms
The exploit doesn't have any obvious symptoms.
It exploits a vulnerability in the ActiveX control for the Snapshot Viewer for some versions of Microsoft Access. It downloads a file onto the affected computer which may be a piece of malware.
Removal instructions:
You can avoid further problems with this exploit by setting the "killbit" to this CLSID :
{F0E42D50-368C-11D0-AD81-00A0C90DC8D9}. You can
find out how to do this here :
http://support.microsoft.com/KB/240797
Please let BitDefender disinfect your files.
Analyzed By
Daniel Chipiristeanu, virus researcher
Technical Description:
The malware exploits a vulnerability in the ActiveX control for the
Snapshot Viewer present in some versions of Microsoft Access.
It downloads a file onto the affected computer which may be a piece of malware and uses this CLSID
{F0E42D50-368C-11D0-AD81-00A0C90DC8D9} that belongs to
Snapshot Viewer for Microsoft Access. The vulnerability presents itself in the snapview.ocx found in different Microsoft Access packages and the standalone product.
The file is downloaded in an arbitrary path which means that it can use tricks to start itself at startup ( "Startup" folder - %Start Menu%\Programs\Startup" ).
You can find out more about this
here.
SHARE
THIS ON