BitDefender Antivirus

Trojan.Exploit.ANOW

( Trojan-Downloader.VBS.Agent.qo; JS/Objsnapt.A; VBS:SanpshotView-A [Expl] )
Spreading: medium
Damage: medium
Size: ~1kb
Discovered: 2008 Oct 31

SYMPTOMS:

There are no obvious signs until the attacker manages to infiltrate the system.

TECHNICAL DESCRIPTION:

    This malware is written in JavaScript and exploits a vulnerability in the Snapshot Viewer ActiveX control for Microsoft Access (snapview.ocx). The payload downloads a file from http://www.oiutr.net/new/[removed].css (detected by BitDefender as Rootkit.Agent.AIWN) and saves it to the path [c or d or e]:/Program Files/Outlook EXpress/WAB.EXE.
    More information about this vulnerability is available under CVE-2008-2463.

Removal instructions:

Keep your products updated.

You can disable this ActiveX control by setting the kill bit for the following CLSIDs:

    {F0E42D50-368C-11D0-AD81-00A0C90DC8D9}
    {F0E42D60-368C-11D0-AD81-00A0C90DC8D9}
    {F2175210-368C-11D0-AD81-00A0C90DC8D9}

You can find information about setting a kill bit here.
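
The kill-bit step above, as an added PowerShell example (not part of the original BitDefender write-up): it audits the three CLSIDs listed and, with -Apply, sets the kill bit. The registry location and the 0x400 "Compatibility Flags" value are the standard Internet Explorer kill-bit mechanism rather than details from this page; the script assumes an elevated 64-bit PowerShell session on 64-bit Windows, or any elevated session on 32-bit Windows.

```powershell
# Added example: audit (default) or set (-Apply) the IE kill bit for the
# Snapshot Viewer CLSIDs named in this write-up. Run elevated.
param([switch]$Apply)

$KillBit = 0x400                       # kill bit inside the "Compatibility Flags" DWORD
$Name    = 'Compatibility Flags'
$Clsids  = @(
    '{F0E42D50-368C-11D0-AD81-00A0C90DC8D9}',
    '{F0E42D60-368C-11D0-AD81-00A0C90DC8D9}',
    '{F2175210-368C-11D0-AD81-00A0C90DC8D9}'
)
# Native registry view plus the 32-bit view read by 32-bit IE on 64-bit Windows.
$Roots = @(
    'HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility'
) | Where-Object { Test-Path (Split-Path $_ -Parent) }

function Get-CompatFlags([string]$Key) {
    # Returns the current flags, or 0 when the key or value does not exist.
    if (-not (Test-Path $Key)) { return 0 }
    $prop = Get-ItemProperty -Path $Key -Name $Name -ErrorAction SilentlyContinue
    if ($prop) { return [int]$prop.$Name }
    return 0
}

foreach ($root in $Roots) {
    foreach ($clsid in $Clsids) {
        $key   = Join-Path $root $clsid
        $flags = Get-CompatFlags $key
        if ($Apply -and (($flags -band $KillBit) -eq 0)) {
            if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
            # OR the bit in so any other compatibility flags already set are kept.
            Set-ItemProperty -Path $key -Name $Name -Type DWord -Value ($flags -bor $KillBit)
            $flags = Get-CompatFlags $key   # re-read to confirm the write took effect
        }
        [pscustomobject]@{
            Key        = $key
            Flags      = '0x{0:X8}' -f $flags
            KillBitSet = (($flags -band $KillBit) -ne 0)
        }
    }
}
```

Any row reporting KillBitSet as False after an -Apply run means the write did not persist, for example because the session was not elevated or a policy reverted the key.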

Please let BitDefender delete the infected files.

ANALYZED BY:

Dana Stanut, virus researcher