Description:
Upon execution, this backdoor program drops several files in the Windows and Windows system folders. Some of the dropped files are .EXE files with the following attributes, which enable them to avoid being seen using Windows Explorer:
The other dropped files are .DLL files, which are used by this backdoor program as its keylogging components.
Once installed in a system, this backdoor program may inform the perpetrator of the system's infection via email, ICQ Pager, cgi-page, or ProMessenger.
It creates the file KTD32.ATM, which it uses to log keystrokes, in the Windows folder.
This backdoor program's server component, which is installed on an infected system, connects to its client component. Once a connection is made, this backdoor program can perform the following routines:
- Retrieve system information, such as:
  - Computer Name
  - Internet Explorer version
  - User Name
  - Windows System variables
  - Windows version and language
- Retrieve e-mail entries
- Send messages
- Search for files
- View and kill running processes
- Print to the victim's printer
- Show/hide opened windows
- View running services
- Retrieve logs from its keylogging component
This backdoor program runs on Windows 95, 98, ME, NT, 2000, and XP.
Description created: Aug. 9, 2004 11:10:57 AM GMT -0800
Description updated: Mar. 18, 2005 2:59:53 AM GMT -0800