TrojanProxy.Win32.Mitglieder. Viruses Information
Name: TrojanProxy.Win32.Mitglieder.
Category: Viruses
Description:
Details
TrojanProxy.Win32.Mitglieder.a
This Trojan program enables the attacker to use the infected computer as a mail proxy-server. It runs under Windows, and is approximately 9KB, compressed using UPX. The decompressed file is approximately 35KB.
Installation
When launched, the Trojan copies itself to the Windows system directory under the name 'system.exe'.
To enable autorun, the Trojan creates the following key in the system registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
ssgrate.exe = %system%\system.exe
The Trojan then attempts to connect to several remote servers to transmit information about the infected computer (IP address, etc.) to the author of the worm.
The program opens port 39999 on the infected machine and installs itself as a proxy server. Once this has been done, the infected machine can be used to send spam.
Other
The Trojan searches for the following processes in memory and attempts to stop them from working:
ATUPDATER.EXE
AVWUPD32.EXE
AVPUPD.EXE
LUALL.EXE
DRWEBUPW.EXE
ICSSUPPNT.EXE
ICSUPP95.EXE
UPDATE.EXE
NUPGRADE.EXE
ATUPDATER.EXE
AUPDATE.EXE
AUTODOWN.EXE
AUTOTRACE.EXE
AUTOUPDATE.EXE
AVXQUAR.EXE
CFIAUDIT.EXE
MCUPDATE.EXE
NUPGRADE.EXE
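
A triage check for the indicators described above (the 'ssgrate.exe' Run value, the 'system.exe' copy and the listener on port 39999), as an added example that is not part of the original description. The `reg query` and `netstat -an` outputs are constructed samples, and the function names are hypothetical.

```python
import re

# Indicators taken from the description above.
RUN_VALUE_NAME = "ssgrate.exe"
DROPPED_FILE = "system.exe"
PROXY_PORT = 39999

# Constructed sample of `reg query` output for the HKCU Run key.
SAMPLE_REG = r"""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    ctfmon.exe    REG_SZ    C:\WINDOWS\system32\ctfmon.exe
    ssgrate.exe    REG_SZ    C:\WINDOWS\system32\system.exe
"""

# Constructed sample of `netstat -an` output.
SAMPLE_NETSTAT = """
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:39999          0.0.0.0:0              LISTENING
  TCP    192.168.1.20:1042      203.0.113.7:39999      ESTABLISHED
"""

def run_key_hits(reg_output):
    """Return (value name, data) pairs that match the autorun entry."""
    hits = []
    for line in reg_output.splitlines():
        m = re.match(r"\s+(.+?)\s{2,}REG_(?:SZ|EXPAND_SZ)\s{2,}(.*)$", line)
        if not m:
            continue  # key header or blank line, not a value row
        name, data = m.group(1), m.group(2).strip().strip('"')
        basename = re.split(r"[\\/]", data)[-1].lower()
        # Either match is a lead to investigate, not a verdict on its own.
        if name.lower() == RUN_VALUE_NAME or basename == DROPPED_FILE:
            hits.append((name, data))
    return hits

def proxy_listeners(netstat_output):
    """Return local addresses in LISTENING state on the proxy port."""
    hits = []
    for line in netstat_output.splitlines():
        f = line.split()
        if (len(f) >= 4 and f[0] == "TCP" and f[3] == "LISTENING"
                and f[1].rsplit(":", 1)[-1] == str(PROXY_PORT)):
            hits.append(f[1])
    return hits

if __name__ == "__main__":
    print({"run_key": run_key_hits(SAMPLE_REG),
           "listeners": proxy_listeners(SAMPLE_NETSTAT)})
```

Only the local listener is reported; the constructed outbound connection to a remote port 39999 is ignored because the description concerns a port opened on the infected machine.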