TROJ_DLOADER.SPI is showing up on a few machines a day.

We’ve been getting sporadic, but steady reports of the TROJ_DLOADER.SPI virus being detected on machines. Trend Micro claims it’s not “in the wild.” That’s not true. I haven’t seen this many virus reports for XP in a long time. Trend Micro’s fix is to update DATs and scan the machine. I’ve tried to figure out what other anti-virus program providers are calling this virus to see if they recommend a different fix. The virus appears to come from webpages. Here’s a sample error:

Threat Alert from Anti-Virus Server

OfficeScan detected TROJ_DLOADER.SPI on PCname in my domains.

File: C:\Documents and Settings\<username>\Local Settings\Temporary Internet Files\Content.IE5\XFE1E8MF\_YzFvdDRpbmc_NzI4X2FvXzM5NThfMF8xMDIyOF9hb18_a2V5aW4_[1].exe

Detection date: 11/13/2007 14:33:05

Action: Virus successfully detected, cannot perform the Quarantine action

I’ll keep an eye on this. Let me know if you see anything.

UPDATE: I got some more info on this. Some of our SAs have been tracking it. The virus alerts come up when people visit a certain media industry website. The site either pops up another site, or somehow redirects to “malware-scan.com”. Don’t go to that site unless you want to get infected. You should consider blocking that site using Websense or other tools. I hope this additional info helps.


3 responses to “TROJ_DLOADER.SPI is showing up on a few machines a day.”

  1. I have seen this 11/14/2007:
    Virus Alert!!
    TROJ_DLOADER.SPI is detected on () in domain.
    Infected file: C:\Documents and Settings\\Local Settings\Application Data\Mozilla\Firefox\Profiles\9xsdb79z.default\Cache\27DC786Fd01
    Detection date: 11/14/2007 11:47:54
    Action: Virus successfully detected, cannot perform the Quarantine action

  2. I should add that we are using Trend Micro OfficeScan version 8

  3. We are getting this too;
    13/11/2007 9:49:51 TROJ_DLOADER.SPI _ZGl2aTRpMG4_a2V5aW5fYW9fNDY4M18yNzk4XzIzNThfYW9fX2FvXzM5NThfMF8xMDIzMl9hb18_a2V5aW4_[1].exe C:\Documents and Settings\\Local Settings\Temporary Internet Files\Content.IE5\G527WXMJ\
