TROJ_MTGLIEDR.BN
Overview

Malware type: Trojan

Aliases: Proxy-Mitglieder (McAfee), Trojan.Mitglieder (Symantec), TR/Proxy.Mitgl.BN.1 (Avira), Troj/Lohav-I (Sophos)

In the wild: Yes

Destructive: No

Language: English

Platform: Windows 95, 98, NT, 2000, ME, XP

Encrypted: No

Overall risk rating:


Reported infections:

Damage potential:

Low

Distribution potential:

High

Description: 

This Trojan arrives via email. It drops the file REGSRV32.EXE in the Windows folder. It also drops the following files in the Windows system folder:

  • FIõ.EXE - malware copy
  • SYSDOOR.EXE - malware copy
  • NOPAT.EXE

It also creates the text file BAN_LIST.TXT in order to store IP addresses to be used for its routines.

This Trojan opens port 17771 and waits for remote commands from a malicious user. It also notifies several Web sites that the port has been opened on the system. It is also capable of terminating several processes.

It runs on Windows 95, 98, NT, ME, 2000, and XP.
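
The indicators in this description (the listening port and the dropped file names) can be checked during host triage. The following is an added example, not Trend Micro's code: it assumes `netstat -ano` style output and a Windows folder of C:\WINDOWS, and the function names and sample data are constructed for illustration.

```python
from pathlib import PureWindowsPath

BACKDOOR_PORT = 17771                            # listening port named above
WINDOWS_DIR_FILES = {"regsrv32.exe"}             # dropped in the Windows folder
SYSTEM_DIR_FILES = {"sysdoor.exe", "nopat.exe"}  # dropped in the system folder
ANYWHERE_FILES = {"ban_list.txt"}                # folder not stated above

# Constructed sample input, not captured from an infected host.
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       912
  TCP    0.0.0.0:17771          0.0.0.0:0              LISTENING       1480
  TCP    0.0.0.0:1777           0.0.0.0:0              LISTENING       640
  TCP    192.168.1.5:1045       203.0.113.9:17771      ESTABLISHED     1200
"""
SAMPLE_FILES = [
    r"C:\WINDOWS\REGSRV32.EXE",
    r"C:\WINDOWS\system32\regsvr32.exe",   # legitimate Windows tool, different spelling
    r"C:\WINDOWS\system32\SysDoor.exe",
    r"C:\Temp\nopat.exe",                  # right name, wrong folder: not reported
    r"C:\WINDOWS\system32\BAN_LIST.TXT",
]

def listening_pids(netstat_text, port=BACKDOOR_PORT):
    """Return PIDs that hold a TCP listener on `port` (exact port match only)."""
    pids = []
    for line in netstat_text.splitlines():
        f = line.split()
        if len(f) < 4 or f[0].upper() != "TCP" or f[3].upper() != "LISTENING":
            continue
        if f[1].rsplit(":", 1)[-1] == str(port):   # handles 0.0.0.0:p and [::]:p
            pids.append(f[4] if len(f) > 4 else "?")
    return pids

def dropped_files(paths, windows_dir=r"C:\WINDOWS"):
    """Return paths whose name and folder match the drop locations above."""
    win = windows_dir.lower()
    sysdirs = {win + "\\system", win + "\\system32"}
    hits = []
    for raw in paths:
        p = PureWindowsPath(raw)
        name, parent = p.name.lower(), str(p.parent).lower()
        if ((name in WINDOWS_DIR_FILES and parent == win)
                or (name in SYSTEM_DIR_FILES and parent in sysdirs)
                or name in ANYWHERE_FILES):
            hits.append(raw)
    return hits
```

The dropped REGSRV32.EXE differs from the legitimate regsvr32.exe only by two transposed letters, so the match is on the exact name and folder rather than a substring.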


Description created: Jul. 20, 2004 4:25:25 AM GMT -0800
