Details: Upon execution, this program copies itself to a randomly named EXE file in the Windows System directory. It also employs a stealth mechanism: it deletes the original file that was executed, so that it appears to have done nothing. Aside from dropping a copy of itself in the Windows System directory, it adds a registry entry, "Microsoft Diagnostic", so that its dropped file executes even after Windows restarts.
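A defender's check for the persistence described above, as an added example that is not part of the original write-up: it scans `reg query` text output for an autostart value named "Microsoft Diagnostic" and reports whether its target is an EXE in a Windows System directory. The Run key paths, the sample output, the directory names and the function names `find_suspects` and `exe_path` are assumptions; the page names only the registry value.

```python
import re
from pathlib import PureWindowsPath

# Constructed sample of `reg query` output. The Run key paths are an assumption:
# the page names only the value "Microsoft Diagnostic", not the key it lives in.
SAMPLE = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    SecurityHealth    REG_EXPAND_SZ    %windir%\system32\SecurityHealthSystray.exe
    Microsoft Diagnostic    REG_SZ    C:\WINDOWS\System32\qwkzpt.exe

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    OneDrive    REG_SZ    "C:\Users\alice\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
    microsoft diagnostic    REG_SZ    "C:\Program Files\Vendor\diag.exe"
"""

# Value lines are indented and use four spaces between name, type and data;
# value names may themselves contain single spaces.
VALUE_RE = re.compile(r"^\s{4}(?P<name>.+?)\s{4}(?P<type>REG_\w+)\s{4}(?P<data>.*)$")
SYSTEM_DIRS = {"system", "system32", "syswow64"}  # assumed System directory names

def exe_path(data):
    """Return the executable path from an autostart command line."""
    data = data.strip()
    if data.startswith('"'):                      # quoted path, arguments follow
        return data[1:].split('"', 1)[0]
    m = re.match(r"(.+?\.exe)\b", data, re.I)     # unquoted path, may contain spaces
    return m.group(1) if m else data.split(" ", 1)[0]

def find_suspects(reg_text, value_name="Microsoft Diagnostic"):
    """List autostart values with the given name and where they point."""
    key, hits = None, []
    for line in reg_text.splitlines():
        if line.startswith("HKEY_"):              # key header line
            key = line.strip()
            continue
        m = VALUE_RE.match(line)
        if not m or m["name"].strip().lower() != value_name.lower():
            continue
        path = PureWindowsPath(exe_path(m["data"]))
        in_system = (path.parent.name.lower() in SYSTEM_DIRS
                     and path.suffix.lower() == ".exe")
        hits.append({"key": key, "path": str(path), "in_system_dir": in_system})
    return hits

if __name__ == "__main__":
    for hit in find_suspects(SAMPLE):
        print(hit)
```

A hit with `in_system_dir` set matches both traits described above; a name-only hit still warrants a look at the file it references.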
As with other backdoor programs, the “features”, or the extent of manipulation that an unknown hacker can exert on the system where this server component is running, depend on the client component. The code of this backdoor malware shows that the client program may cause it to execute any or all of the following, among others:
- Shutdown Sygate Personal Firewall
- Shutdown Tiny Personal Firewall
- Shutdown ZoneAlarm Pro
- Shutdown ZoneAlarm
- Shutdown system
- Kill server
- Ping
- Send packets
- Download file
- Log Off
- Restart system
- Sleep
- IRC
- Execute file
- Update client