Exploit:Win32/MS05002.gen

Detected by Microsoft Defender Antivirus

Aliases: Win32/MS05-002!exploit (CA) Trojan-Downloader.Win32.Ani.c (Kaspersky) Exploit-ANIfile (McAfee) RIFF/Ani_expliot.gen (Norman) Troj/Dloader-KH (Sophos) Trojan-Exploit.Anicmoo.ax (Sunbelt Software) Downloader.Trojan (Symantec) TROJ_ANICMOO.AF (Trend Micro)

Summary

Exploit:Win32/MS05002.gen is a generic detection for malware that exploits a vulnerability in the way certain un-patched versions of Microsoft Windows handle malformed animated cursor files. These files commonly have an 'ani' file extension. The exploit causes a buffer overflow that could allow an attacker to remotely execute arbitrary code on impacted systems.

A patch for this vulnerability has been available since 2005, and further discussion is located on Technet (http://www.microsoft.com/technet/security/Bulletin/MS05-002.mspx).

Manual removal is not recommended for this threat. Use Microsoft Security Essentials or another up-to-date scanning and removal tool to detect and remove this threat and other unwanted software from your computer. For more information on Microsoft security products, see http://www.microsoft.com/protect/products/computer/default.mspx.

Exploit:Win32/MS05002.gen

Summary

What to do now

Technical information

Threat behavior

Prevention

Symptoms