Aliases: Trojan.MSIL.Petun.a (Kaspersky) Mal/MSIL-BA (Sophos)
PWS:MSIL/Petun.A is a trojan that steals information from the affected computer. The information is then sent to a remote attacker via email or uploaded to an FTP server. PWS:MSIL/Petun.A is also capable of changing certain computer settings.
To detect and remove this threat and other malicious software that may be installed on your computer, run a full-system scan with an appropriate, up-to-date, security solution. The following Microsoft products detect and remove this threat:
For more information on antivirus software, see http://www.microsoft.com/windows/antivirus-partners/.
Enabling the command prompt
This threat may disable the command prompt, which further prevents you from reversing its other computer changes. To enable the command prompt, follow these instructions:
- Using an administrator account, open the Group Policy Object Editor. To do this, go to Start and in the search box, type gpedit.msc.
- The Group Policy Object Editor should open. Go to Local Computer Policy>User Configuration>Administrative Templates>System and select Prevent access to the command prompt:
- Double-click on Prevent access to the command prompt and select Enable: Press OK and exit the Local Group Policy Editor.
Additional remediation instructions for PWS:MSIL/Petun.A
This threat may make lasting changes to a computer's configuration that are NOT restored by detecting and removing this threat. For more information on returning an infected computer to its pre-infected state, please see the following article/s:
- Restoring your System Registry:
- For Windows 7: http://windows.microsoft.com/en-us/windows7/Back-up-the-registry
- For Windows Vista: http://windows.microsoft.com/en-US/windows-vista/Back-up-the-registry
- For Windows XP: http://support.microsoft.com/kb/322756/
- Enabling Task Manager:
- For Windows Vista: http://windows.microsoft.com/en-us/windows-vista/Troubleshoot-Task-Manager-problems
- For Windows XP: http://support.microsoft.com/kb/913623/
- For other support and help related articles, go to:
- Microsoft Security TechNet Center: http://technet.microsoft.com/security/default.aspx