Largest Directory of Internet Security Software

Internet Security Threats


Trojan-Proxy.Win32.Xorpix.v

RISK LEVEL:2



This Trojan program makes it possible for a remote malicious user to use the victim machine as a proxy server. It is a Windows PE EXE file. The file is approximately 15KB in size. It is written in Visual C++. It is packed using UPack. The unpacked file is approximately 258KB in size.

Installation

Once launched, the Trojan drops the files listed below to %Documents and Settings%\%All Users%\%Common Documents%\Settings.

  • polymorph.dll — the attribute 'hidden' is assigned to this file
  • desktop.ini — the attribute ‘hidden’ is assigned to this file

The Trojan ensures that its library will be loaded when the Winlogon process starts (on system boot):

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\polymorphreg]
 "Asynchronous"="dword: 0x00000001"
 "DllName"="%Documents and Settings%\%All Users%\%Common Documents%\Settings\polymorph.dll"
 "Startup"="polymorphreg"
 "Impersonate"="dword: 0x00000001"

The Trojan constantly checks that this key is present in the registry, and will restore it if the key is manually deleted.
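
A defender can check this persistence point by listing the Winlogon Notify packages and looking at where each DllName points. The following is an added example, not part of the original description: Python that parses a .reg-style export and reports packages whose DLL sits outside system32. The sample export, the expanded drop path and the function names are constructed for illustration.

```python
import re

NOTIFY = r"software\microsoft\windows nt\currentversion\winlogon\notify"

# Constructed sample in .reg export style (not captured from a real host).
# The expanded drop path is an assumption about how the page's variables resolve.
SAMPLE = r'''
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"DllName"="crypt32.dll"
"Impersonate"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DllName"="C:\\WINDOWS\\system32\\WlNotify.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\polymorphreg]
"Asynchronous"=dword:00000001
"DllName"="C:\\Documents and Settings\\All Users\\Documents\\Settings\\polymorph.dll"
"Startup"="polymorphreg"
"Impersonate"=dword:00000001
'''

def parse_reg(text):
    """Return {key_path: {value_name: string_data}} for a .reg-style export."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1], {})
        elif current is not None:
            m = re.match(r'"([^"]+)"="(.*)"$', line)
            if m:  # string values only; dword values are not needed here
                current[m.group(1)] = m.group(2).replace("\\\\", "\\")
    return keys

def suspicious_notify(text):
    """List (package, DllName) pairs whose DLL path is outside system32."""
    hits = []
    for key, values in parse_reg(text).items():
        head, _, package = key.rpartition("\\")
        if not head.lower().endswith(NOTIFY):
            continue
        dll = values.get("DllName", "")
        norm = dll.lower().replace("/", "\\")
        bare = "\\" not in norm  # bare names resolve through the system search path
        in_system = re.match(r"(%systemroot%|[a-z]:\\windows)\\system32\\[^\\]+$", norm)
        if not (bare or in_system):
            hits.append((package, dll))
    return hits
```

Because the Trojan restores the key after manual deletion, a package that reappears on a second run indicates the library is still loaded. The check is a path heuristic only and does not flag a DLL that was placed inside system32.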

This Trojan makes it possible for a remote malicious user to appear to be working on the victim machine within a network.

The victim machine may be used as part of a botnet for sending spam and malicious programs.

When the system is started, it loads a library which launches IEXPLORE.EXE into which malicious code has been injected. This process will open a random TCP port. Notification is then sent to maila.microsoft.com.

The Trojan will try to access the Internet and connect to the following address:

http://66.36.***.132

Use Kaspersky Anti-Virus 6.0 to delete the Trojan. Update your antivirus databases and perform a full scan of the computer (download a trial version of Kaspersky Anti-Virus).



Printed From: http://www.viruslist.com/en/viruses/encyclopedia?virusid=120642


Similar Virus/Threat >>
  •   Trojan-Proxy.Win32.Agent.o
  • This Trojan launches a proxy server on the victim machine without the knowledge or consent of the user. It is a Windows PE EXE file. It is 139,264 bytes in size. It is not packed in any way. It is...
  •   Trojan-Proxy.Win32.Agent.q
  • This Trojan launches a proxy server on the victim machine without the knowledge or consent of the user. It is a Windows PE EXE file. The file is 28,796 bytes in size. It is not packed in any...
  •   Trojan-Proxy.Win32.Agent.v
  • This Trojan launches a proxy server on the victim machine without the knowledge or consent of the user. It is a Windows PE EXE file. The file is approximately 19KB in size. It is packed using...
  •   Trojan-Proxy.Win32.Daemonize.a
  • This Trojan launches a proxy server on the victim machine without the user's knowledge or consent. This makes it possible for a remote malicious user to appear as though his actions are being carried...
  •   Trojan-Proxy.Win32.Mitglieder.o
  • This Trojan launches a proxy mail server on the victim machine. It is a Windows DLL file. It is 27,136 bytes in size. Installation: This Trojan will be installed to the victim machine by another...
  •   Trojan-Proxy.Win32.Agent.x
  • This Trojan launches a proxy server on the victim machine without the knowledge or consent of the user. It is a Windows PE EXE file. The file is approximately 17KB in size. It is packed using...
  •   Trojan-Proxy.Win32.Xorpix.ar
  • This Trojan program makes it possible for a remote malicious user to use the victim machine as a proxy server. It is a Windows PE EXE file. The file is approximately 17KB in size. It is packed...


    Copyright © 2002-2007 Internet Security Software. All rights reserved.