Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email email@example.com
From: Ken Pfeil (Keninfosec101.org)
Date: Fri Dec 28 2001 - 11:01:31 CST
At lease two different AntiVirus companies now detect this. TROJ_DLDER.A or
Trojan/W32.Dlder is installed with the full installation of Grokster.
InCntrl5 install logs available to womever needs it..
Here's the response from Panda's lab.
From: Virus Research Lab. [mailto:viruspandasoftware.com]
Sent: Friday, December 28, 2001 11:47 AM
Subject: RE: (EG)FW: New Trojan
After checking in our laboratory the files you enclose, we can confirm they
belong to the trojan known as Trojan/W32.Dlder. Due to the nature of the
files, they can only be deleted.
Find enclosed the latest signatures file, you can detect and eliminate this
trojan with. Follow this procedure:
1.- Decompress the Pav.zip file in the directory where the antivirus is
2.- Copy the PAV.SIG file generated to the \Windows\System (if you run
W95/W98) or \WinNT\System32 directory (if you run NT).
3.- Restart your system and use the antivirus normally.
If you find any problems with the process, you may contact our technical
support department (supportpandasoftware.com) where you can be given the
You will soon find information about this trojan in the following URL:
Virus Research Lab
Buenos Aires 12
48001 BILBAO - SPAIN
Phone: +34 94 425 11 00 Fax: +34 94 424 46 97
"The first antivirus company in the world to offer technical support
services 24 hours a day, 365 days a year and daily updates. "
Ridding the Planet of Viruses! Try our products, FREE! at
> -----Mensaje original-----
> De: Ken Pfeil [SMTP:Keninfosec101.org]
> Enviado el: viernes 28 de diciembre de 2001 16:04
> Para: virusvirus.pandasoftware.com
> Asunto: (EG)FW: New Trojan
> -----Original Message-----
> From: Ken Pfeil [mailto:Keninfosec101.org]
> Sent: Friday, December 28, 2001 9:25 AM
> To: supportpandasoftware.com; labspandasoftware.com
> Cc: pbustamantepandasoftware.com; pbustamantepandasoftware.es
> Subject: New Trojan
> The online scanner did not pick this up, however Trend's did. TROJ_DLDER.A
> is what it came up with.
> Password is "test"
> <<Archivo: test.zip>>