TROJ_DLOADER.SPI is showing up on a few machines a day.

We’ve been getting sporadic, but steady reports of the TROJ_DLOADER.SPI virus being detected on machines.  Trend Micro claims it’s not “in the wild.”  That’s not true.  I haven’t seen this many virus reports for XP in a long time.  Trend Micro’s fix is to update DATs and scan the machine.  I’ve tried to figure out what other anti-virus program providers are calling this virus to see if they recommend a different fix.  The virus appears to come from webpages.  Here’s a sample error:

Threat Alert from Anti-Virus Server

OfficeScan detected TROJ_DLOADER.SPI on PCname in my domains.

File: C:\Documents and Settings\<username>\Local Settings\Temporary Internet Files\Content.IE5\XFE1E8MF\_YzFvdDRpbmc_NzI4X2FvXzM5NThfMF8xMDIyOF9hb18_a2V5aW4_[1].exe

Detection date: 11/13/2007 14:33:05

Action: Virus successfully detected, cannot perform the Quarantine action

I’ll keep an eye on this.  Let me know if you see anything.

UPDATE: I got some more info on this.  Some of our SAs have been tracking it.  The virus alerts come up when people visit a certain media industry website.  The site either pops up another site, or somehow redirects to “”.  Don’t go to that site unless you want to get infected.  You should consider blocking that site using Websense or other tools.  I hope this additional info helps.


3 responses to “TROJ_DLOADER.SPI is showing up on a few machines a day.”

  1. I have seen this 11/14/2007:
    Virus Alert!!
    TROJ_DLOADER.SPI is detected on () in domain.
    Infected file: C:\Documents and Settings\\Local Settings\Application Data\Mozilla\Firefox\Profiles\9xsdb79z.default\Cache\27DC786Fd01
    Detection date: 11/14/2007 11:47:54
    Action: Virus successfully detected, cannot perform the Quarantine action

  2. I should add that we are using Trend Micro OfficeScan version 8

  3. We are getting this too;
    13/11/2007 9:49:51 TROJ_DLOADER.SPI _ZGl2aTRpMG4_a2V5aW5fYW9fNDY4M18yNzk4XzIzNThfYW9fX2FvXzM5NThfMF8xMDIzMl9hb18_a2V5aW4_[1].exe C:\Documents and Settings\\Local Settings\Temporary Internet Files\Content.IE5\G527WXMJ\
