Symantec has released a patch for a Trojan bug that attacks users who have installed Microsoft’s Windows XP Service Pack 2 security software.
The Phel Trojan is distributed as an .html file. Symantec said that when an infected file is opened, it displays two Internet Explorer browser windows. An error may then occur, preventing the code from executing further.
However, should the code execute successfully, Phel downloads a file from the searchproject.net domain and executes it. Data is then downloaded from this domain, which is saved as My.hta in a variety of folders on the user’s PC.
Symantec said the main effect of the Trojan is to cause an overall degradation in performance on the infected machine.
Microsoft is believed to be developing its own patch for Phel.