Hi!
Nicht unbedingt.
Die meisten bekommen es ja gar nicht mit.
Es ist der gleiche Virus, der auch in der RSA-ToolboxV1.0 steckte:
"This Trojan spy program is a Windows PE EXE file. It is written in Borland Delphi. The size of the infected file may vary between 12KB to 36KB. Infected files may be packed with a range of packers.
Payload
Once launched, the Trojan creates a process which has the same name as the original file:
<original Trojan name>.exe
Every 60 seconds, the Trojan attempts to send a request to a remote malicious user’s robot located at the following address:
http://wm.****ostar.info/cgi-bin5/repeaterm.fcgi?n=.....
The link may vary in different variants of the Trojan.
If the Trojan is able to establish a connection, it will receive a number of email addresses. Spam will then be sent to these email addresses. The spam content will also be received from the robot.
Removal instructions
If your computer does not have an up-to-date antivirus, or does not have an antivirus solution at all, follow the instructions below to delete the malicious program:
Use Task Manager to terminate the Trojan process (<original Trojan name>.exe).
Delete the original Trojan file (the location will depend on how the program originally penetrated the victim machine).
Update your antivirus databases and perform a full scan of the computer (download a trial version of Kaspersky Anti-Virus)."
Eben wegen diesem Trojaner wurde der Hex / Dez Switcher in der RSA-ToolboxV1.1 wieder entfernt...
MfG,
Thomas2
Zitieren