Troj/SdBot-EG is a backdoor Trojan which runs in the background as a service process and allows unauthorised remote access to the computer via IRC channels.
The Trojan copies itself to the Windows System folder as GESFM32.EXE and adds the following entries to the registry to run itself on system restart:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\
Microsoft Netview = C:\<Windows system>\GESFM32.EXE
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices\
Microsoft Netview = C:\<Windows system>\GESFM32.EXE
Troj/SdBot-EG attempts to connect to a predefined IRC channel and then listens for commands from a remote intruder. If the Trojan receives the appropriate command, it attempts to copy itself to the following locations on remote network shares with weak passwords:
Admin$\system32\MSMONK32.EXE
C$\winnt\system32\MSMONK32.EXE
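A host triage check for the indicators listed above, added here as an example and not part of the original description. The function name Find-SdBotEGIndicator is hypothetical, and checking SysWOW64 in addition to the system folder is an assumption about where a 32-bit process would write on 64-bit Windows.

```powershell
# Indicators are copied from the description above; everything else is illustrative.
$ValueName = 'Microsoft Netview'
$RunKeys   = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
             'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunServices'
$FileNames = 'GESFM32.EXE', 'MSMONK32.EXE'

function Find-SdBotEGIndicator {
    # Autostart values: report the value whenever the name matches, and say
    # whether its data also references the dropped file name.
    foreach ($key in $RunKeys) {
        if (-not (Test-Path -Path $key)) { continue }   # RunServices is often absent
        $item = Get-ItemProperty -Path $key -Name $ValueName -ErrorAction SilentlyContinue
        if ($null -eq $item) { continue }
        $data = [string]$item.$ValueName
        $note = if ($data -like '*GESFM32.EXE*') { 'data references GESFM32.EXE' }
                else { 'value name match only' }
        [pscustomobject]@{
            Type     = 'Registry'
            Location = "$key\$ValueName"
            Detail   = "$data ($note)"
        }
    }

    # Dropped files: the local system folder, plus SysWOW64 (assumption: on
    # 64-bit Windows a 32-bit process writing to system32 is redirected there).
    $dirs = @([Environment]::SystemDirectory, (Join-Path $env:SystemRoot 'SysWOW64')) |
        Where-Object { Test-Path -LiteralPath $_ -PathType Container } |
        Select-Object -Unique
    foreach ($dir in $dirs) {
        foreach ($name in $FileNames) {
            $path = Join-Path -Path $dir -ChildPath $name
            if (-not (Test-Path -LiteralPath $path -PathType Leaf)) { continue }
            $file = Get-Item -LiteralPath $path -Force   # -Force also returns hidden files
            [pscustomobject]@{
                Type     = 'File'
                Location = $path
                Detail   = 'created {0:u}, {1} bytes' -f $file.CreationTimeUtc, $file.Length
            }
        }
    }
}

$findings = @(Find-SdBotEGIndicator)
if ($findings.Count -eq 0) { 'No Troj/SdBot-EG indicators found on this host.' }
else { $findings | Format-Table -AutoSize -Wrap }
```

A file name match alone is not proof of infection; treat any finding as a reason to examine the file and the host's network share access.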