Troj/Manifest-A, Trojan.Win32.ManifestDestiny.a, Trojan.Manifest, TROJ_MANIFEST.A, Win32/ManDest.A
W32.Manifest.Trojan, ManifestDest, W32/Trojan!d3c0, W32/Trojan!61a7, Win32:Trojan-gen
Category: Trojan Horse
Active & Spreading
Europe, North and South America
26 Nov 2002
Consistent with the characteristics of Trojan Horse malwares, the W32.Manifest.Trojan misrepresents itself as a type of video codec which is circulated among Peer to Peer file sharing networks. This particular threat is designed to install a File Transfer Protocol engine in the infected computer system. To support the file transfer functionality the Trojan Horse will also create a monitoring application as well as a mail server in the compromised machine.
W32.Manifest.Trojan Removal Tool
If you have Malware on your computer it will cause annoyances and will damage your system. You should either:
A. Manually remove the infected files from your computer, or
B. Automatically scan your system using trusted software
We recommend that you scan your system for malware. Our partner has a trojan horse removal tool to automatically clean W32.Manifest.Trojan from your computer.
More details about W32.Manifest.Trojan
A successful execution of the W32.Manifest.Trojan into the compromised computer system will allow the dropping of numerous file components. These files components will be placed in the Service subfolder under the directory where installed application components are located. The W32.Manifest.Trojan will normally make use of bitmap, system, initialization, and executable file types for its components. In some instances, the files extracted are versions of publicly or commercially available applications and so they are not detected as viral by security programs. Majority of the filenames used appear to reference communication programs or providers. After it has finished installation of these components the W32.Manifest.Trojan will resume by extracting at least three Dynamic Link Library files in the same directory folder as the operating system files.
What the W32.Manifest.Trojan does is that it takes components from various public or commercial program and incorporates them into its own. Various computer security experts have observed that the Internet monitoring module, File Transfer Protocol engine, and Simple Mail Transfer Protocol engine used by the W32.Manifest.Trojan comes from different applications. Even the Dynamic Link Library files are versions found in distributable compression utilities. The W32.Manifest.Trojan will modify the contents of the Windows Registry by adding key values that will point to the location of its main executable file. It will send system and user information to a predetermined website.