- 13 February 2007
- Risk Impact:
- File Names:
- Can have any file name. Has been reported as ScannersToy.exe and lsass.exe
- Systems Affected:
SecurityRisk.ScanToy is a tool that is ostensibly designed to scan a local system and LAN for exploits. It can also be used as part of a larger Denial of Service (DoS) or worm attack.
The files are detected as SecurityRisk.ScanToy.
- Significant increase in outgoing port traffic.
Must be intentionally loaded and run.
Antivirus Protection Dates
- Initial Rapid Release version 02 October 2014 revision 022
- Latest Rapid Release version 01 February 2015 revision 020
- Initial Daily Certified version 28 October 2003
- Latest Daily Certified version 17 January 2008 revision 033
- Initial Weekly Certified release date 29 October 2003
Click here for a more detailed description of Rapid Release and Daily Certified virus definitions.
This tool is written ostensibly to scan for exploits, but can also be used maliciously. Options for scanning include:
- WebAdmin MDaemon Scanning
- Web Scanning
- RPC DCOM fast Scanning
- Proxy scanning
- TCP port Scanning
- MS SQL Server Scanning
- DNS Lookup
Data may be written to an ASCII file, which may optionally be encrypted.
This application does not drop files (other than an optional log) and does not set registry keys. It does not install itself.
The following instructions pertain to all Symantec antivirus products that support Security Risk detection.
- Update the definitions.
- Run a full system scan and delete all the files detected as SecurityRisk.ScanToy.
1. Updating the definitions
To obtain the most recent definitions, start your Symantec program and run LiveUpdate.
2. Scanning for and deleting the files
- Start Norton AntiVirus and make sure that it is configured to scan all the files. For more information, read the document, "How to configure Norton AntiVirus to scan all files."
- Run a full system scan.
- If any files are detected as SecurityRisk.ScanToy, click Delete.