Techguy
November 21, 2000, 10:28 am
Trojan: TROJ_SONIC.B
--------------------------------------------------------------------------------
TROJ_SONIC.B
Risk rating: medium
Virus type: Trojan
Destructive: Y

Aliases:
SONIC.B, I-Worm.Sonic.B, TROJ_SONIC.27, TROJ_SONIC.28, TROJ_SONIC.29, TROJ_SONIC.40, TROJ_SONIC.A

Description:
This multi-component Internet worm and backdoor tool spreads itself via email. It disguises itself as the Windows native executable GDI32.EXE and arrives via email as a UPX-compressed file (Compressed: 25,088 Bytes; Uncompressed: 55,808 Bytes). When executed, this Trojan connects to a predetermined host and downloads its main component onto the infected computer. Upon execution of the main component (Compressed: 42,496 Bytes; Uncompressed: 100,352 Bytes), the Trojan searches for Windows Address Book files (*.WAB) and uses the email addresses found there to spread. It sends an email to all addresses found, with itself attached as LOVERS.EXE. This email has the subject: I'm your poison.

The main component of this Trojan is saved in the Windows directory with the same name as the loader. The backdoor component of this Trojan is very dangerous, since it allows a remote user to have full access to the infected computer.

Solution:

1. Click START|RUN.
2. Type REGEDIT and hit the ENTER key.
3. In the left panel, click the "+" to the left of each of the following:
   HKEY_LOCAL_MACHINE
     Software
       Microsoft
         Windows
           CurrentVersion
             Run
4. In the right panel, search for the registry key containing the data value GDI = "%systemdir%\GDI32.EXE" or GDI = "%windir%\GDI32.EXE".
5. In the right window, highlight the registry key that loads the file and press the DELETE key. Answer YES to delete the entry.
6. Exit the registry.
7. Click START|SHUTDOWN. Choose "Restart" and click OK.
8. Go to the WINDOWS directory and delete the file GDI32.EXE.
9. Go to the WINDOWS SYSTEM directory and delete the file GDI32.EXE.
10. Restart the computer.
11. Scan your system with your antivirus and delete all files detected as TROJ_SONIC.B.

------------------
Thank you for using Help From Techs Support Forums!
Please come again and remember to refer a friend to our site.
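The manual registry check in the removal steps above, as an added PowerShell example (not part of the original post or the vendor writeup) for modern Windows: it lists Run entries whose data points at GDI32.EXE in the Windows or System directory and reports whether the loader file exists; entries are deleted only when -Remove is passed. The HKCU Run key and the script's structure are assumptions; the GDI value, the GDI32.EXE name and the two directories come from the post.

```powershell
# Added example (not from the original post): report autorun entries pointing at
# GDI32.EXE, the filename TROJ_SONIC.B uses for its loader as described above.
# Report-only by default; pass -Remove to delete matching entries after review.
param([switch]$Remove)

# The post names the HKLM Run key; checking HKCU as well is an added assumption.
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
)

# Windows ships gdi32.dll, not GDI32.EXE, so a Run entry whose command is
# <windir>\GDI32.EXE or <system dir>\GDI32.EXE (the post's %windir% / %systemdir%)
# is suspect. Optional surrounding quotes in the command are tolerated.
$winDir  = $env:windir
$sysDir  = [Environment]::SystemDirectory
$pattern = '^"?(' + [regex]::Escape($winDir) + '|' + [regex]::Escape($sysDir) + ')\\GDI32\.EXE"?'

$findings = @()
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $props = Get-ItemProperty -Path $key
    foreach ($p in $props.PSObject.Properties) {
        # Skip the PSPath/PSParentPath/... metadata PowerShell adds to the object
        if ($p.Name -like 'PS*') { continue }
        # Expand %windir%-style references before matching against real paths
        $data = [Environment]::ExpandEnvironmentVariables([string]$p.Value)
        if ($data -match $pattern) {
            $findings += [pscustomobject]@{ Key = $key; Name = $p.Name; Data = $p.Value }
        }
    }
}

if ($findings.Count -eq 0) {
    Write-Output 'No Run entries referencing GDI32.EXE found.'
} else {
    $findings | Format-Table -AutoSize
    if ($Remove) {
        foreach ($f in $findings) {
            Remove-ItemProperty -Path $f.Key -Name $f.Name
            Write-Output "Removed value '$($f.Name)' from $($f.Key)"
        }
    }
}

# Steps 8 and 9 of the post: show whether the loader file is present in either directory
foreach ($file in @("$winDir\GDI32.EXE", "$sysDir\GDI32.EXE")) {
    if (Test-Path $file) { Write-Output "Loader file present: $file" }
}
```

Run it from an elevated prompt first without -Remove, confirm the reported entry is the one the post describes, then rerun with -Remove and finish with the file deletion, reboot and antivirus scan from the original steps.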