Troj/Sysbug-A

トロイの木馬の除去方法をご覧ください。

Troj/Sysbug-Aはシステム情報を取得し、感染コンピュータへの未認可アクセスを許可するトロイの木馬です。このトロイの木馬は以下の特徴を持つメールで配布されます：

送信元： james2003@hotmail.com

件名： Re[2]: Mary

本文：

Hello my dear Mary,

I have been thinking about you all night. I would like to apologize for the
other night when we made beautiful love and did not use condoms. I know this
was a mistake and I beg you to forgive me.

I miss you more than anything, please call me Mary, I need you. Do you remember when we were having wild sex in my house? I remember it all like it was only yesterday. You said that the pictures would not come out good, but you were very wrong, they are great. I didn't want to show you the pictures at first, but now I think it's time for you to see them. Please look in the attachment and you will see what I mean.

I love you with all my heart, James.

添付ファイル名： Private.zip（wendynaked.jpg.exeを含む）

Troj/Sysbug-Aは自身をsysdeb32.exeとしてWindowsフォルダにコピーし、システムログオン時に実行するよう、以下のレジストリ値を追加します：

HKLM￥Software￥Microsoft￥Windows￥CurrentVersion￥Run￥SystemDebug

Troj/Sysbug-AはWindowsフォルダにファイルsvc.savを作成し、C:￥temp35.txtも作成します。これらのファイルは悪性ではなく、単に削除できます。