Troj/AnaFTP-01

Category: Viruses and Spyware
Protection available since: 27 Jan 2003 00:00:00 (GMT)
Type: Trojan
Last Updated: 21 Mar 2003 00:00:00 (GMT)
Prevalence: No Reports


Troj/AnaFTP-01 is an FTP Trojan that copies itself to the file C:\Windows\Rundll.exe and sets the following registry entries to ensure the Trojan will be run on system restart:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\
recover.bmp.exe = C:\Windows\Rundll.exe

HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices\
recover.bmp.exe = C:\Windows\Rundll.exe

HKLM\Software\Microsoft\Active Setup\Installed Components\
recover.bmp.exe = Stub Path C:\Windows\Rundll.exe ASC

Troj/AnaFTP-01 will insert the lines 'Load=Rundll.exe' and 'Run=Rundll.exe' in the [Windows] section of C:\Windows\Win.ini as well as the line 'Shell=Explorer.exe Rundll.exe' in the [Boot] section of C:\Windows\System.ini.

The Trojan will open port 41462 for listening, allowing remote access to the user's file system via commands sent to Troj/AnaFTP-01.
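
A check for the Win.ini and System.ini autostart entries described above, as an added example that is not Sophos code. It goes beyond this one Trojan by reporting every program named in Load=/Run= and anything in Shell= other than Explorer.exe; the INI contents are constructed samples and the function names are hypothetical.

```python
import configparser

# Constructed sample files reproducing the entries described above.
INFECTED_WIN_INI = "[Windows]\nLoad=Rundll.exe\nRun=Rundll.exe\nNullPort=None\n"
INFECTED_SYSTEM_INI = "[Boot]\nShell=Explorer.exe Rundll.exe\nsystem.drv=system.drv\n"
CLEAN_WIN_INI = "[windows]\nload=\nrun=\n"
CLEAN_SYSTEM_INI = "[boot]\nshell=Explorer.exe\n"


def read_ini(text):
    """Parse INI text into {section: {key: value}} with lower-cased names."""
    cp = configparser.RawConfigParser(
        delimiters=("=",), strict=False, allow_no_value=True)
    cp.read_string(text)
    return {s.lower(): dict(cp.items(s)) for s in cp.sections()}


def ini_autostarts(win_ini, system_ini):
    """Return (location, program) pairs for programs started via the INI files."""
    findings = []
    windows = read_ini(win_ini).get("windows", {})
    for key in ("load", "run"):
        # Entries may list several programs separated by spaces or commas.
        for prog in (windows.get(key) or "").replace(",", " ").split():
            findings.append((f"win.ini [windows] {key}", prog))
    boot = read_ini(system_ini).get("boot", {})
    for prog in (boot.get("shell") or "").split():
        if prog.lower() != "explorer.exe":  # anything extra runs with the shell
            findings.append(("system.ini [boot] shell", prog))
    return findings


def references_rundll(findings):
    """True if any autostart entry names Rundll.exe, as this Trojan's do."""
    return any(p.replace("/", "\\").rsplit("\\", 1)[-1].lower() == "rundll.exe"
               for _, p in findings)


if __name__ == "__main__":
    for where, prog in ini_autostarts(INFECTED_WIN_INI, INFECTED_SYSTEM_INI):
        print(f"{where}: {prog}")
```

The check keys on autostart references, not on the presence of a file named Rundll.exe, and it splits on whitespace, so paths containing spaces are reported in pieces.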
