New Worm [solved]
The worm was also found with a text file, with the same name as the exe, which contained what appears to be keylogger data.
Zip password is "infected".
Attachment: svchots_.zip
-GT
Comments
Thank you for the sample. Detection will be available as of the next signature update and it will be detected as Trojan.PSW.Maha.A
It is a password stealer targeted at IM passwords (such as ICQ). It drops a file named sqlserver.dll in the system32 directory (also detected with the same name), which is loaded in all the processes, so offline cleaning might be necessary.
Best regards