Threat Information for "Trojan.Mespam"

Removal

StopSign will automatically remove this infection with a paid membership.

Summary
  • Name: Trojan.Mespam
  • Aliases:
  • Date Discovered: 2007-03-13
  • Protection Added: 2007-03-13
Description
-- Ease of Removal

1: Runs as a BHO or shell extension
2: Consistently named
3: Consistent file contents
4: Creates new unique registry entries

-- Privacy Risks/Security Changes

1: Mimics legitimate file names

-- Damage/Intrusion/Annoyance

1: Creates new files
2: Significantly slows down the computer

-- Propagation/Saturation

1: Infects from a link in an email
2: Spreads through instant messenger software
Technical Details
  • Added Directory/File:
    FilePath: %SYSTEMDIR%\pfxzmtaim.dll
  • Added Directory/File:
    FilePath: %SYSTEMDIR%\pfxzmtymsg.dll
  • Added Directory/File:
    FilePath: %SYSTEMDIR%\ymsgsmx.dll
  • Added Directory/File:
    FilePath: %SYSTEMDIR%\pfxzmtsmtspm.dll
  • Added Directory/File:
    FilePath: %SYSTEMDIR%\aosmx.dll
  • Added Directory/File:
    FilePath: %SYSTEMDIR%\pfxzmticq.dll
  • Added Directory/File:
    FilePath: %ROOTDRIVE%rsvp32_2.dll
  • Added Directory/File:
    FilePath: %SYSTEMDIR%\pfxzmtforum.dll
  • Added Directory/File:
    FilePath: %SYSTEMDIR%\sporder.dll
  • Added Directory/File:
    FilePath: %SYSTEMDIR%\gtalsmx.dll
  • Added Directory/File:
    FilePath: %SYSTEMDIR%\pfxzmtwbmail.dll
  • Added Directory/File:
    FilePath: %SYSTEMDIR%\aimsmx.dll
  • Added Directory/File:
    FilePath: %SYSTEMDIR%\pfxzmtsmt.dll
  • Added Directory/File:
    FilePath: %SYSTEMDIR%\rsvp32_2.dll
  • Added Directory/File:
    FilePath: %SYSTEMDIR%\pfxzmtgtal.dll
  • Added Registry Key:
    Key: HKLM\SOFTWARE\WinSock2\Buibert
  • Added Registry Data:
    Key: HKLM\%BHOREG%\* Value: [RANDOM VALUE] Data: *rsvp32_2* wildData=TRUE