This Trojan launches a proxy mail server on the victim machine. It is a Windows DLL file. It is 27,136 bytes in size.

Installation

This Trojan will be installed to the victim machine by another malicious program.

In order to ensure that the Trojan is launched automatically each time Windows is restarted, the Trojan adds a link to the Windows system directory. The link leads to a component which will load the Trojan file.

[HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
"RealUpdater" = "<path and name of Trojan executable file>"

The Trojan also creates the following registry key and saves its configuration to this key:

[HKCU\Software\Timeout]

The Trojan launches an SMTP proxy server on a randomly chosen TCP port. It then sends the port number in a URL request to the remote malicious user's site. The victim machine can then be used as part of a botnet to send spam.

The Trojan downloads updates for its executable file from the following links:

http://69.28.***.195/cgi-bin/get.cgi
http://www.ftops****.com/cgi-bin/get.cgi
http://www.g***port.biz/cgi-bin/get.cgi

These will be saved to the Windows root directory:

%WinDir%\realupd.exe

This Trojan also harvests account passwords from the data files of the following ICQ and mail clients:

Trillian
Miranda
Mirabilis ICQ
TheBat!
Outlook

The Trojan sends the harvested data to the remote malicious user's site, together with information about what operating system version is installed on the victim machine, and how long the Trojan has been running.

If your computer does not have an up-to-date antivirus, or does not have an antivirus solution at all, follow the instructions below to delete the malicious program:

- Delete the original Trojan file (the location will depend on how the program originally penetrated the victim machine).
- Delete the following file:
  %WinDir%\realupd.exe
- Delete the following system registry key parameter:
  [HKCU\Software\Microsoft\Windows\CurrentVersion\Run] "RealUpdater"
- Delete the following registry key:
  [HKCU\Software\Timeout]
- Update your antivirus databases and perform a full scan of the computer (download a trial version of Kaspersky Anti-Virus).
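Before deleting anything, the three artifacts named in the removal steps can be checked for and recorded. The following read-only PowerShell check is an added example, not part of the original description; the function name and output fields are made up for illustration, and it assumes PowerShell 4 or later (for Get-FileHash).

```powershell
# Read-only triage for the artifacts listed in this description.
# Get-RealUpdaterArtifact and its output fields are hypothetical names for this example.
function Get-RealUpdaterArtifact {
    $findings = @()

    # 1. Autorun value "RealUpdater" under the current user's Run key.
    $runKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
    $run = Get-ItemProperty -Path $runKey -Name 'RealUpdater' -ErrorAction SilentlyContinue
    if ($run) {
        $findings += [pscustomobject]@{
            Artifact = 'Run value'
            Location = "$runKey\RealUpdater"
            # The value data is the path of the file that gets loaded at logon.
            Detail   = $run.RealUpdater
        }
    }

    # 2. Configuration key created by the Trojan.
    $cfgKey = 'HKCU:\Software\Timeout'
    if (Test-Path -Path $cfgKey) {
        $names = (Get-Item -Path $cfgKey).GetValueNames() -join ', '
        $findings += [pscustomobject]@{
            Artifact = 'Configuration key'
            Location = $cfgKey
            Detail   = "Value names: $names"
        }
    }

    # 3. Downloaded update saved to the Windows root directory.
    $file = Join-Path -Path $env:WinDir -ChildPath 'realupd.exe'
    if (Test-Path -LiteralPath $file -PathType Leaf) {
        $hash = (Get-FileHash -LiteralPath $file -Algorithm SHA256).Hash
        $findings += [pscustomobject]@{
            Artifact = 'Downloaded update'
            Location = $file
            Detail   = "SHA256: $hash"
        }
    }

    return $findings
}

# Print whatever was found; no output means none of the three artifacts is present.
Get-RealUpdaterArtifact | Format-List
```

Both registry locations are under HKCU, so the check has to run in the session of the user account being examined. The Run value's data gives the path of the loaded file, which helps locate the original Trojan file referred to in the first removal step.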
Printed From: http://www.viruslist.com/en/viruses/encyclopedia?virusid=41134