Contactez-nous Suivez-nous sur Twitter En francais English Language

De la Théorie à la pratique

Freely subscribe to our NEWSLETTER

Newsletter FR

Newsletter EN



Panda Security’s weekly report on viruses and intruders

February 2009 by Panda Security

The Sinowal.VZR and NoVideo.A Trojans and the Autorun.INJ worm are the focus of this week’s PandaLabs report.

On infecting computers, Sinowal.VZR deletes the cookies and browser history to get users to type the address, user name and password of the Web pages accessed. This is because this Trojan monitors the user’s Internet activity and needs the user to re-enter the passwords to record them.

The information stolen is then sent to the malware creator through FTP.

To spread, this Trojan sends emails, which claim to come from various airlines, informing the recipients they have charged an amount of money against their accounts. The emails have a file attached called which supposedly includes the details of the ticket purchased by the user, but it is really a copy of the malware that will be activated when the user opens the file in the .zip file.

NoVideo.A is a Trojan designed to change folder options and disable the Windows Registry tools. In addition, it disables the programs for blocking pop-ups, and even eliminates the image preview of pictures on websites, and videos of the pages visited by users.

This Trojan also drops a copy of the Suurch adware onto the computer.

Finally, Autorun.INJ is a worm that passes itself off as photo files, reaching the computer with names like:

- Fondo1024.exe
- ImagenCamara.exe

Like all the worms of this family, it copies itself to all the computer’s drives (shared and removable), and in this case, on all the user’s folders.

It also adds entries to the Windows Registry, to run with every Windows start-up, to prevent users from changing the Windows Explorer and Control Panel folder options. Additionally, it disables the registration tools and the MSDOS (CMD) console.

See previous articles


See next articles