- Richard Oliver
October 31, 2007, 10:05 am
Early Google hit is for the info below from Sophos. Of course, other trojans may use that filename.
Google has no hits for the other trojan you mention. I suggest you ask the AV company who gave it
Don't do any internet banking! Change your online banking passwords. Check the
W32/Nanpy-A is a worm for the Windows platform. It may spread to vulnerable computers via the RPC-DCOM exploit, and attempt to redirect access to various banking websites.
When first run W32/Nanpy-A copies itself to <System>\mmsvc32.exe.
The following registry entry is created to run mmsvc32.exe on startup:
Microsoft Network Services Controller
W32/Nanpy-A modifies the HOSTS file, mapping the URLs of banking websites to a remote IP. At the time of writing, this IP address is not functional.
Snob? Were I a snob, I wouldn't be talking to you.
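
The HOSTS-file redirection described in the Sophos write-up above is something a defender can check for directly. The following is an added example, not part of the original post or of Sophos's description; the hostnames and the 203.0.113.45 address in the sample are constructed placeholders, and the function names are hypothetical.

```python
import ipaddress

# Constructed sample HOSTS content: the hostnames and 203.0.113.45 are placeholders.
SAMPLE_HOSTS = """\
# sample hosts file (constructed)
127.0.0.1       localhost
::1             localhost
203.0.113.45    www.examplebank.test  online.examplebank.test   # injected
203.0.113.45    secure.otherbank.test
0.0.0.0         ads.tracker.test
10.0.0.5        intranet.corp.test
not-an-ip       broken.line.test
"""

# RFC 1918 ranges: local mappings an administrator may add on purpose.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def parse_hosts(text):
    """Yield (line_no, ip, hostnames) for each mapping; skip comments, blanks, bad lines."""
    for line_no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # first field is not an IP literal
        yield line_no, ip, [h.lower() for h in fields[1:]]

def suspicious_entries(text):
    """Return mappings that point a hostname at a non-local address."""
    findings = []
    for line_no, ip, names in parse_hosts(text):
        local = ip.is_loopback or ip.is_unspecified or (
            ip.version == 4 and any(ip in net for net in RFC1918))
        if not local:
            findings.append((line_no, str(ip), names))
    return findings

def shared_targets(findings):
    """Group hostnames by target IP; several names on one IP fits the redirect pattern."""
    groups = {}
    for _, ip, names in findings:
        groups.setdefault(ip, []).extend(names)
    return {ip: names for ip, names in groups.items() if len(names) > 1}

if __name__ == "__main__":
    for ip, names in shared_targets(suspicious_entries(SAMPLE_HOSTS)).items():
        print(f"{ip} <- {', '.join(names)}")
```

To audit a real machine, pass the contents of its HOSTS file (on Windows, `%SystemRoot%\System32\drivers\etc\hosts`) to `suspicious_entries` instead of the sample.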