| Profile | |
|
Virus Name Aliases Variants
|
Description Added
6/28/00
Virus Information
| Discovery Date: | 6/27/00 | |
| Type: | Trojan | |
| SubType: | File Deletion | |
| Risk Assessment: | Low | |
| Minimum Engine: | 4.0.50 | |
| Minimum Dat: | 4085 | |
| DAT Release Date: | 7/5/00 |
Virus Characteristics
This is a trojan which deletes files on selected drives via an extracted .BAT file. This trojan uses the program "deltree.exe" found on Windows 9x systems to do its dirty deed. Deltree does not exist on Windows NT systems.
The initial file is named "SIMPSONS.EXE" and the icon appears to be an installer program. Based on the icon, a user may be tricked into running the file. The file is a self-extracting archive file and can be opened using Winzip however double-clicking this file will run the embedded files, one being the destructive .BAT file.
This trojan was first announced by CAI - AVERT has deemed their announcement as a hype alert.
Symptoms
This is a file deletion trojan - it will run immediately upon execution of this trojan. This trojan will attempt to remove all directories from drives a:, b:, c: and d:.
Method Of Infection
SIMPSONS.BAT will run immediately upon execution of SIMPSONS.EXE. This trojan will attempt to remove all directories from drives a:, b:, c: and d:.
The file "SIMPSONS.EXE" is a self-extracting archive file containing two files; "SIMPSONS.BMP" and "SIMPSONS.BAT". The file "SIMPSONS.BAT" is the destructive component of this trojan.
Removal Instructions
Use specified engine and DAT files for detection and removal. Delete files found to contain this detection.