Description:
To get a one-glance comprehensive view of the behavior of this backdoor, refer to the Behavior Diagram shown below.
Malware Overview
This backdoor arrives on a system as a file dropped by another malware that Trend Micro detects as W97M_MDROPPER.AB.
It is dropped in the current user's Temporary folder as 20060424.BAK. When executed, it drops WINGUIS.DLL in the Windows system folder. This DLL file contains the backdoor routine.
It opens various ports to allow a remote malicious user to connect to the affected machine. Once connected, the remote user may issue certain commands on the affected system, which compromises system security.
This backdoor uses its rootkit capability to hide its files, process, and registry entry from an affected user, which makes it harder to detect. In addition, it attempts to access a certain Web site.
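Because the rootkit hides the dropped files from a user browsing the affected machine, the drop sequence described above is easier to spot in file-creation events collected off the host. The following is an added example, not part of the original description or any Trend Micro tooling: the pipe-separated event format, the host names and the directory-name sets are assumptions, and the sample events are constructed.

```python
import ntpath

# Indicators taken from the description above (file names only).
DROPPER_NAME = "20060424.bak"   # dropped in the current user's Temporary folder
DLL_NAME = "winguis.dll"        # dropped in the Windows system folder

# Assumption: typical directory names for those two locations.
TEMP_DIRS = {"temp", "tmp"}
SYSTEM_DIRS = {"system32", "system"}

# Constructed sample events: time|host|event|path (hypothetical export format).
SAMPLE_EVENTS = """\
2006-05-19T10:01:02|WS-014|FileCreate|C:\\Documents and Settings\\alice\\Local Settings\\Temp\\20060424.BAK
2006-05-19T10:01:05|WS-014|FileCreate|C:\\WINDOWS\\system32\\WINGUIS.DLL
2006-05-19T10:03:40|WS-022|FileCreate|C:\\Backups\\20060424.bak
2006-05-19T10:04:11|WS-031|FileCreate|C:\\WINDOWS\\system32\\winguis.dll
malformed line without separators
"""

def classify(path):
    """Return 'dropper', 'dll' or None for one Windows path (case-insensitive)."""
    folder, name = ntpath.split(path.strip())
    parent = ntpath.basename(folder).lower()
    name = name.lower()
    if name == DROPPER_NAME and parent in TEMP_DIRS:
        return "dropper"
    if name == DLL_NAME and parent in SYSTEM_DIRS:
        return "dll"
    return None

def triage(lines):
    """Map each host with a hit to 'full chain', 'dropper only' or 'dll only'."""
    seen = {}
    for line in lines:
        parts = line.split("|", 3)
        if len(parts) != 4 or parts[2] != "FileCreate":
            continue  # skip malformed or unrelated events
        host, path = parts[1], parts[3]
        stage = classify(path)
        if stage:
            seen.setdefault(host, set()).add(stage)
    return {host: "full chain" if stages == {"dropper", "dll"}
            else next(iter(stages)) + " only"
            for host, stages in seen.items()}

if __name__ == "__main__":
    for host, verdict in sorted(triage(SAMPLE_EVENTS.splitlines()).items()):
        print(host, verdict)
```

A "dll only" result still merits investigation, since the dropper's creation may have happened before event collection started.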
For additional information about this threat, see: Solution Technical Details
Description created: May. 19, 2006 3:23:05 PM GMT -0800