Trojan.Spamship

Trojan.Spamship is a Trojan horse created specifically to send spam email messages. If executed, Trojan.Spamship modifies the system registry and registers itself as a system service so that it runs automatically whenever Windows starts. The spam email carries an infected attachment, identified as Trojan.Swifi, which attempts to exploit certain Adobe Flash Player and Adobe Acrobat vulnerabilities to further infect the computer.

Technical Information:

Damage Level: Medium

Systems Affected: Windows 9x, 2000, XP, Vista, Windows 7

Manual Removal of Trojan.Spamship:

1. Temporarily disable System Restore (Windows Me/XP/Vista/7).
2. Update the virus definitions.
3. Restart Windows in Safe Mode.
4. Run a full system scan and clean/delete all infected file(s).
5. Delete/modify any values added to the registry.
6. Exit the registry editor and restart Windows.

Online Virus Scanner:
Another way to remove a virus without installing an additional anti-virus application is to perform a thorough scan with a free Online Virus Scanner, available on the websites of legitimate anti-virus and security providers.

Technical Details and Additional Information:

Other functionalities of this Trojan:
- Accesses a specified location on the Internet.
- Connects to a specified SMTP server to send phishing spam.
- Disguises its messages as email from the "Chase Paymentech Team".

Malicious Files Added by Trojan.Spamship:
%CurrentFolder%\[ORIGINAL THREAT FILE NAME].exe

Associated Windows Registry Entries:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AdobeTM4\"DisplayName" = "AdobeTM4"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AdobeTM4\"ImagePath" = "%CurrentFolder%\[ORIGINAL THREAT FILE NAME].exe"
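The registry entries above show the persistence pattern to look for: a service whose ImagePath points at an executable outside the usual system locations. The following PowerShell script is an added example for auditing a machine for that pattern; it is not part of the original writeup or any vendor tool. The service name "AdobeTM4" comes from the page; the list of trusted binary locations, the function names and the heuristic itself are assumptions made for this script. It only reads the registry and changes nothing, so it is safe to run before the manual removal steps as a way to confirm what was added.

```powershell
# Added example, not from the original Trojan.Spamship writeup.
# Audits HKLM service entries for the persistence pattern described above:
# a service whose ImagePath resolves to a binary outside trusted directories.
# "AdobeTM4" is the service name quoted on the page; the trusted-root list is an
# assumption for this script. Run from an elevated PowerShell prompt; read-only.

$ServicesKey   = 'HKLM:\SYSTEM\CurrentControlSet\Services'
$KnownBadNames = @('AdobeTM4')                       # indicator from the writeup
$TrustedRoots  = @(                                  # assumption: where legitimate service binaries live
    $env:SystemRoot,
    $env:ProgramFiles,
    ${env:ProgramFiles(x86)}
) | Where-Object { $_ } | ForEach-Object { $_.TrimEnd('\') + '\' }

function Resolve-ServiceImage {
    # Extract the executable path from an ImagePath value and normalise the
    # relative forms the Service Control Manager accepts (\SystemRoot\..., system32\...).
    param([string]$ImagePath)
    if (-not $ImagePath) { return $null }
    $p = $ImagePath.Trim()
    if ($p.StartsWith('"')) {
        $end = $p.IndexOf('"', 1)
        $p = if ($end -gt 1) { $p.Substring(1, $end - 1) } else { $p.Trim('"') }  # quoted path, drop arguments
    } else {
        $p = ($p -split '\s+')[0]                        # unquoted: first token is the path
    }
    $p = $p -replace '^\\\?\?\\', ''                     # \??\C:\... -> C:\...
    $p = [Environment]::ExpandEnvironmentVariables($p)
    if ($p -match '^\\SystemRoot\\(.*)$')  { $p = Join-Path $env:SystemRoot $Matches[1] }
    elseif ($p -match '^system32\\(.*)$')  { $p = Join-Path "$env:SystemRoot\System32" $Matches[1] }
    return $p
}

function Get-SuspiciousServiceEntries {
    param(
        [string]$Key       = $ServicesKey,
        [string[]]$Roots   = $TrustedRoots,
        [string[]]$BadNames = $KnownBadNames
    )
    Get-ChildItem -Path $Key -ErrorAction SilentlyContinue | ForEach-Object {
        $name  = $_.PSChildName
        $props = Get-ItemProperty -Path $_.PSPath -ErrorAction SilentlyContinue
        $exe   = Resolve-ServiceImage ([string]$props.ImagePath)
        if (-not $exe) { return }

        $reasons = @()
        if ($BadNames -contains $name) {
            $reasons += 'service name matches a Trojan.Spamship indicator'
        }
        $inTrusted = $Roots | Where-Object { $exe.StartsWith($_, [StringComparison]::OrdinalIgnoreCase) }
        if (-not $inTrusted) {
            $reasons += 'ImagePath is outside the trusted system/program directories'
        }
        if ($reasons.Count -eq 0) { return }

        # Signature status is extra context for the analyst, not proof either way:
        # an unsigned binary is not necessarily malicious.
        $sig = if (Test-Path -LiteralPath $exe) {
            (Get-AuthenticodeSignature -FilePath $exe).Status
        } else { 'FileMissing' }

        [pscustomobject]@{
            Service     = $name
            DisplayName = [string]$props.DisplayName
            ImagePath   = [string]$props.ImagePath
            Resolved    = $exe
            Signature   = $sig
            Reason      = ($reasons -join '; ')
        }
    }
}

Get-SuspiciousServiceEntries | Format-Table -AutoSize -Wrap
```

Expect some noise from the "outside trusted directories" rule on machines with third-party software installed elsewhere; the point of the output is to give the analyst a short list of services to verify against `Get-Service` and the vendor's known binaries, with the AdobeTM4 name match being the high-confidence hit for this particular threat.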
