Defend what you create

Other Resources

Close

Library
My library

+ Add to library

Contact us
24/7 Tech support | Rules regarding submitting

Send a message

Your tickets

Profile

Back to news

Doctor Web disarms modifications of virus faking web-pages

October 29, 2008

Doctor Web — the Russian developer of IT security solutions branded Dr.Web — has successfully neutralized the whole family of Trojan.Ws232Pacther that fake ad links displayed on search results pages of Yandex, Rambler, Google and other search engines.

Trojan.Ws232Pacther infect the ws2_32.dll system file merging all its segments so it becomes much easier to infect. The Trojan places 16 Kbytes of malicious code near the end of the file. After that the malicious program intercepts some export functions of the library.

The Trojan belongs to malicious programs faking web pages that change contents of a webp-page loaded by the browser of a user (e.g it changes links displayed as search results or as advertisements). The new species was discovered by analysts of the Yandex web-portal and by specialists of Doctor Web. Dr.Web software detected the malware as belonging to the Trojan.Ws232Pacther family.

By now two modifications of the Trojan are found: Trojan.Ws232Pacther.1 and Trojan.Ws232Pacther.2. The first one was discovered on October 27 while the second variation emerged one day later. Trojan.Ws232Pacther.2 has a new encryption key but doesn’t have an encrypted piece of HTML code.

Trojan.Ws232Pacther do not impose any threat to users of Dr.Web software. Those who still hasitate which anti-virus they should choose can use the free Dr.Web CureIt! utility available for downloading at www.freedrweb.com http://www.freedrweb.com. The program will scan your computer using the latest update of the Dr.Web virus database without installation in the system. Dr.Web CureIt! will help you to get rid of Trojan.Ws232Pacther and other malicious programs that could evade detection by an installed anti-virus. Besides, a free browser plugin called Dr.Web LinkChecker can be used for regular check of links.

Tell us what you think

You will be awarded one Dr.Webling per comment. To ask Doctor Web’s site administration about a news item, enter @admin at the beginning of your comment. If your question is for the author of one of the comments, put @ before their names.


Other comments

The Russian developer of Dr.Web anti-viruses

Doctor Web has been developing anti-virus software since 1992

Dr.Web is trusted by users around the world in 200+ countries

The company has delivered an anti-virus as a service since 2007

24/7 tech support

© Doctor Web
2003 — 2019

Doctor Web is the Russian developer of Dr.Web anti-virus software. Dr.Web anti-virus software has been developed since 1992.

2-12А, 3rd street Yamskogo polya, Moscow, Russia, 125040