VBS/Psyme trojan?

[Mason121]

What does this trojan actually do to a computer. I went to a web site and my
AV
picked it up right away and quarantined it. Is this something, that if one
hasn`t done a windows update, would be the problem? I looked on the internet
for some info on this trojan but haven`t found much info execpt how to get rid
of it.
TIA.......Dan.

 

[David W. Hodgins]

What does this trojan actually do to a computer. I went to a web site and my
AV
picked it up right away and quarantined it. Is this something, that if one
hasn`t done a windows update, would be the problem? I looked on the internet
for some info on this trojan but haven`t found much info execpt how to get rid
of it.

http://securityresponse.symantec.com/avcenter/venc/data/downloader.psyme.html
indicates it downloads and executes another program from a specific website, but
doesn't say which website, or what the next program does. I suppose the program
gets "updated", as required (from the trojan writer's point of view).

Which website did you see this at? As you've surmised, it's probably exploiting a
known older (as in published at least a week ago) bug in IE.

Try switching to a safer browser, such as mozilla, or opera.

Regards, Dave Hodgins

 

[FromTheRafters]

What does this trojan actually do to a computer.

Downloads *and* executes a file. (not a good thing).

I went to a web site and my AV picked it up right away and quarantined it.

If your AV definitions are up-to-date then it might be a downloader
that didn't get the chance to execute. If your AV definitions are not
quite up-to-date, it may be a false positive detection which could
have been cleared up with new definitions. I don't remember which
AV was making the false positive identification, but it was not too
long ago iirc.

 

[David H. Lipman]

McAfee.

I think it was incorrect with DAT v4348 and corrected by DAT v4349. (or was it DAT v4349 and
corrected by DAT v4350).
Anyway, DAT v4351 is out and it was corrected.

Dave



|
|
| > What does this trojan actually do to a computer.
|
| Downloads *and* executes a file. (not a good thing).
|
| > I went to a web site and my AV picked it up right away and quarantined it.
|
| If your AV definitions are up-to-date then it might be a downloader
| that didn't get the chance to execute. If your AV definitions are not
| quite up-to-date, it may be a false positive detection which could
| have been cleared up with new definitions. I don't remember which
| AV was making the false positive identification, but it was not too
| long ago iirc.
|
|
|

 

[Mason121]

Which website did you see this at?

I was checking some info about the movie...The Entity on yahoo. As soon as I
clicked on a link my AV program said a trojan virus.....VBS/Psyme had tried to
execute a program but it was quarantined.
I then did a full virus scan and it found nothing else. My AV program is
updated almost everyday. I also went to windows update and there were 3
critical patches there. I downloaded them. So far I haven`t had any weird
things happenning on my computer.
Dan

 

[Ben Alias]

What does this trojan actually do to a computer. I went to a web site and my
AV
picked it up right away and quarantined it. Is this something, that if one
hasn`t done a windows update, would be the problem? I looked on the internet
for some info on this trojan but haven`t found much info execpt how to get rid
of it.
TIA.......Dan.

I have a friend who uses McAfee AV who managed to get infected with
VBS/Psyme while surfing the web.

One of the things I don't understand is this: Way back in 2001, Norton
recognized that there was a lot of malicious code using Visual Basic
Scripts (VBS), so developed a program to disable/enable Windows
Scripting Host. It made this program available for free, and
incorporated some sort of VBS protection into an upgrade to NAV 2001
and all future editions.

Now, my question is this: Is there no similar protection in McAfee AV?
If not, why not?

If there is no similar protection in McAfee, shouldn't every McAfee
user be using the Norton freebie to toggle off WSH?

C'ya.

Ben