This Trojan program makes it possible for a remote malicious user to use the victim machine as a proxy server. It is a Windows PE EXE file. The file is approximately 17KB in size. It is packed using UPack. The unpacked file is approximately 258KB in size.

Installation

Once launched, the Trojan drops the file shown below to %Documents and Settings%\%All Users%\%Common Documents%\Settings:

- arm32.dll — the attribute 'hidden' is assigned to this file

The Trojan ensures that its library will be loaded when the Winlogon process starts (on system boot):

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\arm32reg]
"Asynchronous"="dword: 0x00000001"
"DllName"="%Documents and Settings%\%All Users%\%Common Documents%\Settings\arm32.dll"
"Startup"="arm32reg"
"Impersonate"="dword: 0x00000001"

The Trojan constantly checks that this key is present in the registry, and will restore it if the key is manually deleted.

The Trojan downloads a configuration file from the remote malicious user's site, and saves it to the following folder:

%Documents and Settings%\%All Users%\%Common Documents%\Settings\desktop.ini

The Trojan launches the iexplore.exe process and injects its code into this process. This process will open a random TCP port. The remote malicious user will then be notified of the open port number.

This enables the remote malicious user to work as if from the victim machine within a network.

Use Kaspersky Anti-Virus 6.0 to delete the Trojan. Update your antivirus databases and perform a full scan of the computer (download a trial version of Kaspersky Anti-Virus).
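
A triage check for the Winlogon Notify persistence described above, as an added example that is not part of the original description: it parses a registry export of the Winlogon key and flags Notify packages whose DllName points to a directory other than System32. The sample export, the expanded C:\ path standing in for the page's %...% placeholders, and the trusted-directory list are constructed assumptions.

```python
import ntpath
import re

# Constructed sample: what `reg export` output could look like on an infected XP host.
# The concrete C:\ path is an assumed expansion of the page's %...% placeholders.
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
  6c,00,00,00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\arm32reg]
"Asynchronous"=dword:00000001
"DllName"="C:\\Documents and Settings\\All Users\\Documents\\Settings\\arm32.dll"
"Startup"="arm32reg"
"Impersonate"=dword:00000001
'''

NOTIFY = r"\software\microsoft\windows nt\currentversion\winlogon\notify" + "\\"
# Assumption: Windows is installed in C:\Windows; adjust for the host under review.
TRUSTED_DIRS = {r"%systemroot%\system32", r"c:\windows\system32"}

def decode_value(raw):
    """Decode a .reg value: quoted REG_SZ or hex(2) REG_EXPAND_SZ (UTF-16LE)."""
    if raw.startswith("hex(2):"):
        return bytes.fromhex(raw[7:].replace(",", "")).decode("utf-16-le").rstrip("\x00")
    if raw.startswith('"') and raw.endswith('"'):
        return raw[1:-1].replace("\\\\", "\\")
    return None

def notify_packages(reg_text):
    """Return {subkey: DllName} for each subkey of Winlogon\\Notify."""
    reg_text = re.sub(r"\\\r?\n\s*", "", reg_text)  # join hex continuation lines
    found, current = {}, None
    for line in map(str.strip, reg_text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            idx = line.lower().find(NOTIFY)
            current = line[idx + len(NOTIFY):-1] if idx != -1 else None
        elif current and line.lower().startswith('"dllname"='):
            found[current] = decode_value(line.split("=", 1)[1])
    return found

def suspicious(packages):
    """Heuristic: flag packages whose DllName names a directory other than System32."""
    return {name: dll for name, dll in packages.items()
            if ntpath.dirname(dll or "") and ntpath.dirname(dll).lower() not in TRUSTED_DIRS}

if __name__ == "__main__":
    for name, dll in suspicious(notify_packages(SAMPLE)).items():
        print(f"review Notify package {name!r}: {dll}")
```

Because the Trojan restores the key when it is deleted, a flagged entry that reappears after removal indicates the injected code is still running.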
Printed From: http://www.viruslist.com/en/viruses/encyclopedia?virusid=138399
Similar Virus/Threat >>
Trojan-Proxy.Win32.Agent.o
This Trojan launches a proxy server on the victim machine without the knowledge or consent of the user. It is a Windows PE EXE file. It is 139,264 bytes in size. It is not packed in any way. It is...
Trojan-Proxy.Win32.Agent.q
This Trojan launches a proxy server on the victim machine without the knowledge or consent of the user. It is a Windows PE EXE file. The file is 28,796 bytes in size. It is not packed in any...
Trojan-Proxy.Win32.Agent.v
This Trojan launches a proxy server on the victim machine without the knowledge or consent of the user. It is a Windows PE EXE file. The file is approximately 19KB in size. It is packed using...
Trojan-Proxy.Win32.Daemonize.a
This Trojan launches a proxy server on the victim machine without the user's knowledge or consent. This makes it possible for a remote malicious user to appear as though his actions are being carried...
Trojan-Proxy.Win32.Mitglieder.o
This Trojan launches a proxy mail server on the victim machine. It is a Windows DLL file. It is 27,136 bytes in size. Installation: This Trojan will be installed to the victim machine by another...
Trojan-Proxy.Win32.Agent.x
This Trojan launches a proxy server on the victim machine without the knowledge or consent of the user. It is a Windows PE EXE file. The file is approximately 17KB in size. It is packed using...
Trojan-Proxy.Win32.Xorpix.v
This Trojan program makes it possible for a remote malicious user to use the victim machine as a proxy server. It is a Windows PE EXE file. The file is approximately 15KB in size. It is written in...