F-Secure Virus Descriptions : Persis
| NAME: | Persis |
| ALIAS: | W32/Downloader.Persis, TrojanDownloader.Win32.Wintrim |
The first samples of this software were received on the 23rd of June.
It appears that a number of people had this software installed
on their systems without being aware of it.
This software used to install itself without authorization from
the user, and given its degree of intrusiveness we added detection for it.
We have not found anything directly malicious or destructive in this
program. As far as we can see, this program is currently distributed from web
pages with clear disclaimers explaining its behaviour. We won't be adding
detection of any new versions of this software as long as the disclaimers are clearly
visible to end users.
This software creates the sub-folder "wintrim" under the main Windows folder,
where it stores its own files and other components downloaded from the
Internet.
It also adds an entry pointing to itself
%windir%/wintrim/wintrim.exe
to the Windows Registry at:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
or
[HKLM\Software\Microsoft\Windows\CurrentVersion\Run]
These entries in the Windows Registry might not always be added, however.
To remove this software it is enough to delete its files.
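A read-only check for the artifacts described above, written as an added example (it is not F-Secure's code): it looks in the two Run keys for a value pointing at wintrim\wintrim.exe and lists any files in the "wintrim" folder. The function names are hypothetical; the paths and keys are the ones given in this description.

```powershell
# Added example: read-only check for the Persis artifacts named above.
# Function names are hypothetical; paths and keys are the ones in this description.
$RunKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run'
)
# The description writes the path with forward slashes; accept either separator.
$Pattern = '[\\/]wintrim[\\/]wintrim\.exe'

function Get-PersisRunEntry {
    foreach ($key in $RunKeys) {
        # The description notes the entries might not always be added.
        if (-not (Test-Path -LiteralPath $key)) { continue }
        $item = Get-Item -LiteralPath $key
        foreach ($name in $item.GetValueNames()) {
            # Read raw data so a literal %windir% is matched unexpanded.
            $data = $item.GetValue($name, $null, 'DoNotExpandEnvironmentNames')
            if ("$data" -match $Pattern) {
                [pscustomobject]@{ Key = $key; ValueName = $name; Data = "$data" }
            }
        }
    }
}

function Get-PersisFile {
    $folder = Join-Path $env:windir 'wintrim'
    if (Test-Path -LiteralPath $folder -PathType Container) {
        # -Force includes hidden files; hashes help confirm what was downloaded.
        Get-ChildItem -LiteralPath $folder -Recurse -Force -File |
            ForEach-Object {
                [pscustomobject]@{
                    Path   = $_.FullName
                    Size   = $_.Length
                    SHA256 = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
                }
            }
    }
}

$entries = @(Get-PersisRunEntry)
$files   = @(Get-PersisFile)
if ($entries.Count -eq 0 -and $files.Count -eq 0) {
    'No Persis artifacts found.'
} else {
    $entries | Format-List
    $files   | Format-List
}
```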
Detection in F-Secure Anti-Virus was published on June 26th, 2003:
[FSAV_Database_Version]
Version=2003-06-26_02
[Writeup: Ero Carrera; F-Secure Corp.; April 27th, 2003]