TROJ_MITGLIEDR.P
Overview

Malware type: Trojan

Aliases: Trojan-Proxy.Win32.Mitglieder.cl (Kaspersky), Proxy-Mitglieder (McAfee), Trojan.Mitglieder (Symantec), DR/Small.JT.1 (Avira), Troj/Padodor-F (Sophos)

In the wild: No

Destructive: No

Language: English

Platform: Windows 95, 98, ME, NT, 2000, and XP

Encrypted: No

Overall risk rating:


Reported infections:

Damage potential: High

Distribution potential: Low

Description: 

This Trojan gathers information about the user's IP address and proxy port. It then sends the gathered information to the following URLs:


It drops a copy of itself as WINDOW.EXE in the Windows system folder. It also terminates certain security and antivirus-related processes.

This Trojan runs on Windows 95, 98, ME, NT, 2000, and XP.


Description created: Jul. 6, 2004 6:24:40 AM GMT -0800
Description updated: Jul. 6, 2004 7:32:43 AM GMT -0800
