We’ve been getting sporadic but steady reports of the TROJ_DLOADER.SPI virus being detected on machines. Trend Micro claims it’s not “in the wild.” That’s not true. I haven’t seen this many virus reports for XP in a long time. Trend Micro’s fix is to update DATs and scan the machine. I’ve tried to figure out what other anti-virus program providers are calling this virus to see if they recommend a different fix. The virus appears to come from webpages. Here’s a sample error:
Threat Alert from Anti-Virus Server
OfficeScan detected TROJ_DLOADER.SPI on PCname in my domains.
File: C:\Documents and Settings\<username>\Local Settings\Temporary Internet Files\Content.IE5\XFE1E8MF\_YzFvdDRpbmc_NzI4X2FvXzM5NThfMF8xMDIyOF9hb18_a2V5aW4_.exe
Detection date: 11/13/2007 14:33:05
Action: Virus successfully detected, cannot perform the Quarantine action
I’ll keep an eye on this. Let me know if you see anything.
UPDATE: I got some more info on this. Some of our SAs have been tracking it. The virus alerts come up when people visit a certain media industry website. The site either pops up another site, or somehow redirects to “malware-scan.com”. Don’t go to that site unless you want to get infected. You should consider blocking that site using Websense or other tools. I hope this additional info helps.
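A triage helper for alerts in the layout quoted above, added here as an example (it is not part of the original post or of any Trend Micro tool): it parses each alert, flags files that were found in the Internet Explorer cache, and lists the hosts where quarantine failed. The host names, user name, the second alert and its action wording are constructed for illustration.

```python
import re
from datetime import datetime

# Constructed sample alerts in the layout quoted in the post. Only the threat
# name and the first "Action:" wording come from the post; the rest is made up.
SAMPLE = r"""OfficeScan detected TROJ_DLOADER.SPI on PC-EXAMPLE-01 in my domains.
File: C:\Documents and Settings\jdoe\Local Settings\Temporary Internet Files\Content.IE5\ABCD1234\sample_.exe
Detection date: 11/13/2007 14:33:05
Action: Virus successfully detected, cannot perform the Quarantine action

OfficeScan detected TROJ_EXAMPLE.A on PC-EXAMPLE-02 in my domains.
File: C:\Temp\setup.exe
Detection date: 11/13/2007 15:02:41
Action: Quarantined (constructed wording)
"""

HEADER = re.compile(r"OfficeScan detected (?P<threat>\S+) on (?P<host>\S+) in ")
FIELD = re.compile(r"^(?P<key>File|Detection date|Action):\s*(?P<value>.*)$")

def parse_alerts(text):
    """Return one dict per alert with threat, host, file, action and flags."""
    alerts, current = [], None
    for line in text.splitlines():
        m = HEADER.search(line)  # search(): tolerates a subject line fused in front
        if m:
            current = {"threat": m["threat"], "host": m["host"]}
            alerts.append(current)
            continue
        m = FIELD.match(line.strip())
        if m and current is not None:
            current[m["key"].lower().replace(" ", "_")] = m["value"]
    for a in alerts:
        if "detection_date" in a:
            a["when"] = datetime.strptime(a["detection_date"], "%m/%d/%Y %H:%M:%S")
        # A file in the IE cache means the sample arrived through the browser.
        a["web_cache"] = "\\temporary internet files\\" in a.get("file", "").lower()
        # The file is still on disk when the scanner reports it could not act.
        a["needs_cleanup"] = "cannot perform" in a.get("action", "").lower()
    return alerts

def hosts_needing_followup(text):
    """Hosts with at least one detection that was not quarantined."""
    return sorted({a["host"] for a in parse_alerts(text) if a["needs_cleanup"]})

if __name__ == "__main__":
    for alert in parse_alerts(SAMPLE):
        print(alert["host"], alert["threat"], alert["web_cache"], alert["needs_cleanup"])
```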