Thank you for being a valued part of the CNET community. As of December 1, 2020, the forums are in read-only format. In early 2021, CNET Forums will no longer be available. We are grateful for the participation and advice you have provided to one another over the years.

Thanks,

CNET Support

General discussion

Win32.Skoob.B

Nov 26, 2003 12:04AM PST

Alias: Downloader.MSCache (Symantec),
Trojan.Win32.TalkStocks (Kaspersky),
Win32/Skoob.B.Downloader.DLL.Trojan,
Win32/Skoob.B.Downloader.Trojan
Category: Win32
Type: Trojan
Published Date: 11/24/2003
Last Modified: 11/25/2003

CHARACTERISTICS
Win32.Skoob.B is a trojan written with Microsoft C. It consists of an executable component called mscache2.exe, 114688 bytes in size, and a DLL called mscache2.dll, 122880 bytes in size.

These two files may be downloaded by another component (detected as Win32.Skoob or Win32/Skoob.Downloader) from the skoobidoo domain, and
saved to the user's System directory.

The trojan attempts to download other files from URLs on the geocities domain, although at the time of publishing these were no longer available.

The DLL component of the trojan, attempts to retrieve updates for itself from URLs on the blazefind and skoobidoo domains.

Analysis by Taras Malivanchuk

http://www3.ca.com/virusinfo/virus.aspx?ID=37635

Discussion is locked