
Thread: Download.Ject Payload Detection and Removal Tool

  1. #1
    Old and Cranky Super Moderator rik's Avatar
    Join Date
    Aug 2003
    Location
    Watching Your every move...
    Posts
    4,688

    Download.Ject Payload Detection and Removal Tool

    http://www.kbalertz.com/kb_873018.aspx

    Microsoft has learned of a Trojan horse program that is named W32/Berbew (variants A-H) that is downloaded after a Microsoft Windows-based client computer is infected with the Download.Ject malware. This problem occurs when a user visits a Web site that is hosted on a server that is running Microsoft Internet Information Services (IIS) and that has been infected by JS.Scob. The Web pages that are downloaded to the user's computer contain an additional JavaScript program that downloads the Backdoor:W32/Berbew Trojan horse. Backdoor:W32/Berbew is also known as Backdoor-AXJ, Webber, or Padodor. When this Trojan horse runs on the user's computer, it performs several actions, including the following:

    It monitors Internet access. When the user visits one of several financial or ISP Web sites, the Trojan horse captures sensitive information, such as log-in names, passwords, and other sensitive information. The Trojan horse then sends that information to a Web server for the Trojan horse's author to retrieve.
    It installs a proxy server that configures the user's computer for use as a relay for such actions as sending spam.
    It opens fake dialog boxes that prompt the user to enter confidential information, such as ATM card codes or credit card numbers. This information is then sent to a Web server for the Trojan horse's author to retrieve.
    Microsoft has released a tool to help you remove Backdoor:W32/Berbew Trojan horse variants from your computer. You can download this tool from the Microsoft Download Center and run it on your computer to remove Backdoor:W32/Berbew.A, Backdoor:W32/Berbew.B, Backdoor:W32/Berbew.C, Backdoor:W32/Berbew.D, Backdoor:W32/Berbew.E, Backdoor:W32/Berbew.F, Backdoor:W32/Berbew.G, and Backdoor:W32/Berbew.H infections.

    The full article and detection/removal tool are available at the link.

  2. #2
    Security Intelligence TZ Veteran cash_site's Avatar
    Join Date
    Jul 2002
    Location
    Software Paradise
    Posts
    3,852
    Have people still not patched IE for that exploit... I hear the Firefox bandwagon is getting longer!

    --- 0wN3D by 3gG ---
